<?php  

/*

***************************************
*                                     *
* Copyright 2011 David Matthew Pugh   *
* Contact Info:thebravedave@gmail.com *
*                                     *
***************************************

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

if(file_exists("../stringgenerator.php"))
{
    include('../stringgenerator.php');
}
else
{
    include_once('./stringgenerator.php');     
}


class paypalhttppost
{
    public $environment; 
    public $username;
    public $password;
    public $signature;
    public $refunds;
     
    function __construct()
    {
        $filename = "../configurational/testing_or_production.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/testing_or_production.php";
        }
        $contents = file($filename);
        $statusstring = "";
        foreach($contents as $key => $value)
        {
            if(strpos($value, "status") !== false)
            {
               $statusstring = $value; 
            }
        }
        $statusarray = (explode("=", $statusstring));
        $status = trim($statusarray[1]);
        if($status == "development")
        {
           $this->environment = "sandbox";      
        }
        
        
        $filename = "../configurational/paypalconfiguration.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/paypalconfiguration.php";
        }
        $contents = file($filename);
        
        $usernamestring = "";
        $passwordstring = "";
        $signaturestring = "";
        foreach($contents as $id => $value)
        {
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value; 
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value; 
            }
            if(strpos($value, "signature") !== false)
            {
               $signaturestring = $value; 
            }
            
        }
        
        $usernamearray = explode("=", $usernamestring);
        $username = trim($usernamearray[1]);
        $passwordarray = explode("=", $passwordstring);
        $password = trim($passwordarray[1]);
        $signaturearray = explode("=", $signaturestring);
        $signature = trim($signaturearray[1]);
        $this->username = $username; 
        $this->password = $password;     
        $this->signature = $signature;
        
        
       
    }
    public function FullyRefundTransaction($transactionID)
    {
        
        $refundType = "Full";
        $currencyCode = "USD";
        $nvpStr = "&TRANSACTIONID=$transactionID&REFUNDTYPE=$refundType&CURRENCYCODE=$currencyCode";      
        $httpParsedResponseAr = $this->PPWebservice('RefundTransaction', $nvpStr);
        return $httpParsedResponseAr;
    } 
    public function GetTransactionDetails($transactionID)
    {
         $transactionID = strtoupper($transactionID);     
         $nvpStr = "&TRANSACTIONID=$transactionID";
         $httpParsedResponseAr = $this->PPWebservice('GetTransactionDetails', $nvpStr);
         return $httpParsedResponseAr;
    } 
    private function deformatNVP($nvpstr)
    {

        $intial=0;
        $nvpArray = array();


        while(strlen($nvpstr)){
            //postion of Key
            $keypos= strpos($nvpstr,'=');
            //position of value
            $valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);

            /*getting the Key and Value values and storing in a Associative Array*/
            $keyval=substr($nvpstr,$intial,$keypos);
            $valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
            //decoding the respose
            $nvpArray[urldecode($keyval)] =urldecode( $valval);
            $nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
         }
        return $nvpArray;
    }
    private function nvpHeader()
    {
        $API_UserName = urlencode($this->username);
        $API_Password = urlencode($this->password);
        $API_Signature = urlencode($this->signature);
        $API_Endpoint = "https://api-3t.paypal.com/nvp";
        $environ = $this->environment;
        
        if("sandbox" === $environ || "beta-sandbox" === $environ) 
        {
            $API_Endpoint = "https://api-3t.$environ.paypal.com/nvp";
        }
        $version = urlencode('65.1');
        $subject = "";
        $AUTH_token = "";
        $Auth_timestamp = "";

    $nvpHeaderStr = "";

    if(defined('AUTH_MODE')) 
    {
        //$AuthMode = "3TOKEN"; //Merchant's API 3-TOKEN Credential is required to make API Call.
        //$AuthMode = "FIRSTPARTY"; //Only merchant Email is required to make EC Calls.
        //$AuthMode = "THIRDPARTY";Partner's API Credential and Merchant Email as Subject are required.
        $AuthMode = "AUTH_MODE"; 
    } 
    else 
    {
        
        if((!empty($API_UserName)) && (!empty($API_Password)) && (!empty($API_Signature)) && (!empty($subject))) {
            $AuthMode = "THIRDPARTY";
        }
        
        else if((!empty($API_UserName)) && (!empty($API_Password)) && (!empty($API_Signature))) {
            $AuthMode = "3TOKEN";
        }
        
        elseif (!empty($AUTH_token) && !empty($AUTH_signature) && !empty($AUTH_timestamp)) {
            $AuthMode = "PERMISSION";
        }
        elseif(!empty($subject)) {
            $AuthMode = "FIRSTPARTY";
        }
    }
    switch($AuthMode) 
    {
        
        case "3TOKEN" : 
                $nvpHeaderStr = "&PWD=".urlencode($API_Password)."&USER=".urlencode($API_UserName)."&SIGNATURE=".urlencode($API_Signature) . "&VERSION=" . urlencode($version);
                break;
        case "FIRSTPARTY" :
                $nvpHeaderStr = "&SUBJECT=".urlencode($subject);
                break;
        case "THIRDPARTY" :
                $nvpHeaderStr = "&PWD=".urlencode($API_Password)."&USER=".urlencode($API_UserName)."&SIGNATURE=".urlencode($API_Signature)."&SUBJECT=".urlencode($subject) . "&VERSION=" . urlencode($version);
                break;        
        case "PERMISSION" :
                $nvpHeaderStr = formAutorization($AUTH_token,$AUTH_signature,$AUTH_timestamp);
                break;
    }
        return $nvpHeaderStr;
}
    public function SetExpressCheckout($nvpStr)
    {
        $USE_PROXY = false;
            
        $API_UserName = urlencode($this->username);
        $API_Password = urlencode($this->password);
        $API_Signature = urlencode($this->signature);
        $API_Endpoint = "https://api-3t.paypal.com/nvp";
        $environ = $this->environment;
        
        if("sandbox" === $environ || "beta-sandbox" === $environ) 
        {
            $API_Endpoint = "https://api-3t.$environ.paypal.com/nvp";
        }
        $version = urlencode('51.0');
        // form header string
        $nvpheader= $this->nvpHeader();
        //setting the curl parameters.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL,$API_Endpoint);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        //turning off the server and peer verification(TrustManager Concept).
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_POST, 1);
        
        //in case of permission APIs send headers as HTTPheders
        if(!empty($AUTH_token) && !empty($AUTH_signature) && !empty($AUTH_timestamp))
         {
            $headers_array[] = "X-PP-AUTHORIZATION: ".$nvpheader;
      
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers_array);
        curl_setopt($ch, CURLOPT_HEADER, false);
        }
        else 
        {
            $nvpStr=$nvpheader.$nvpStr;
        }
        //if USE_PROXY constant set to TRUE in Constants.php, then only proxy will be enabled.
       //Set proxy name to PROXY_HOST and port number to PROXY_PORT in constants.php 
        if($USE_PROXY)
        curl_setopt ($ch, CURLOPT_PROXY, PROXY_HOST.":".PROXY_PORT); 


        $methodName="SetExpressCheckout";
        $nvpreq="METHOD=".urlencode($methodName).$nvpStr;
        
        //setting the nvpreq as POST FIELD to curl
        curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);

        //getting response from server
        $response = curl_exec($ch);

        //converting NVPResponse to an Associative Array
        $nvpResArray=$this->deformatNVP($response);
        $nvpReqArray=$this->deformatNVP($nvpreq);
        $_SESSION['nvpReqArray']=$nvpReqArray;

        if (curl_errno($ch)) 
        {
            // moving to display page to display curl errors
              $_SESSION['curl_error_no']=curl_errno($ch) ;
              $_SESSION['curl_error_msg']=curl_error($ch);
              $location = "APIError.php";
              //header("Location: $location");
         } 
         else 
         {
             //closing the curl
                curl_close($ch);
         }

          return $nvpResArray;
        
        
    }
    function DoCreditCardTransaction($nvpStr_) 
    {
        
        $API_UserName = urlencode($this->username);
        $API_Password = urlencode($this->password);
        $API_Signature = urlencode($this->signature);
        $API_Endpoint = "https://api-3t.paypal.com/nvp";
        $environ = $this->environment;
        
        if("sandbox" === $environ || "beta-sandbox" === $environ) 
        {
            $API_Endpoint = "https://api-3t.$environ.paypal.com/nvp";
        }
        $version = urlencode('51.0');
      
        // Set the curl parameters.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // Turn off the server and peer verification (TrustManager Concept).
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);                                                    
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POST, 1);

        // Set the API operation, version, and API signature in the request.
        $nvpreq = "USER=$API_UserName&PWD=$API_Password&SIGNATURE=$API_Signature$nvpStr_&VERSION=$version&METHOD=DoDirectPayment&RETURNFMFDETAILS=1";
       
        // Set the request as a POST FIELD for curl.
        curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

        // Get response from the server.
        $httpResponse = curl_exec($ch);

        if(!$httpResponse) {
            exit("$methodName_ failed: ".curl_error($ch).'('.curl_errno($ch).')');
        }

        // Extract the response details.
        $httpResponseAr = explode("&", $httpResponse);

        $httpParsedResponseAr = array();
        foreach ($httpResponseAr as $i => $value) {
            $tmpAr = explode("=", $value);
            if(sizeof($tmpAr) > 1) {
                $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
            }
        }

        if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
            exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
        }

    return $httpParsedResponseAr;
}
    
    public function PPWebservice($methodName_, $nvpStr_)      
    {   
       
        
        $API_UserName = urlencode($this->username);
        $API_Password = urlencode($this->password);
        $API_Signature = urlencode($this->signature);
        $API_Endpoint = "https://api-3t.paypal.com/nvp";
        $environ = $this->environment;
        
        if("sandbox" === $environ || "beta-sandbox" === $environ) {
            $API_Endpoint = "https://api-3t.$environ.paypal.com/nvp";
        }
        $version = urlencode('51.0');

        // Set the curl parameters.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // Turn off the server and peer verification (TrustManager Concept).
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POST, 1);

        // Set the API operation, version, and API signature in the request.
        $nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";

        // Set the request as a POST FIELD for curl.
        curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

        // Get response from the server.
        $httpResponse = curl_exec($ch);

        if(!$httpResponse) {
            exit("$methodName_ failed: ".curl_error($ch).'('.curl_errno($ch).')');
        }

        // Extract the response details.
        $httpResponseAr = explode("&", $httpResponse);

        $httpParsedResponseAr = array();
        foreach ($httpResponseAr as $i => $value) {
            $tmpAr = explode("=", $value);
            if(sizeof($tmpAr) > 1) {
                $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
            }
        }

        if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
            exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
        }

        return $httpParsedResponseAr;
    }  
}
  
class item
{            
    public $category_id; 
    public $description;  
    public $general_description; 
    public $gw_id;
    public $imageurl; 
    public $instock;    
    public $item_name;
    public $limit;        
    public $packing;  
    public $page; 
    public $price; 
    public $site_dbName;
    public $site_dbPassword;            
    public $site_dbServer;       
    public $site_dbUser;       
    public $weight; 
   
    
    
    
   
    
    function __construct()
    {
        $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password;  
    }
    public function additem()
    {
        $xml_string = "";
        
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {                     
            $gw_name = $this->item_name;
            $category_id = $this->category_id;   
            $general_description = $this->general_description;
            $description = urlencode($this->description);
            $image = urlencode($this->imageurl);
            $price = $this->price;
            $in_stock = $this->instock;
            $packing = $this->packing;  
            $weight  = $this->weight;
             
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
            $query = "INSERT INTO general_widget(gw_name, category_id, general_description, description, image, price, in_stock, packing, weight) VALUES(?,?,?,?,?,?,?,?,?)";       
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('sisssdisd', $gw_name, $category_id, $general_description, $description, $image, $price, $in_stock, $packing, $weight); 
            $stmt->execute();
            $item_id = $stmt->insert_id;
            $stmt->close();     
            $mysqli_conn->close();
        }
        
        
        $xml_string .= "<xml>";    
        $xml_string .= "<added>1</added>";      
        $xml_string .= "<item_id>$item_id</item_id>";
        $xml_string .= "</xml>";    
        
        return $xml_string;        
        
    }    
    public function deleteitem()
    {
        $xml_string = "";
        
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $gw_id = $this->gw_id;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM general_widget WHERE gw_id = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('i', $gw_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close(); 
            $mysqli_conn->close();
        }       
        
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "<gw_id>$gw_id</gw_id>";
        $xml_string .= "</xml>";    
        return $xml_string;        
        
        }
    public function deleteitemandrelateddata()
    {
        $xml_string = "";
        
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        { 
            $gw_id = $this->gw_id;
            $itemspecialization = new itemspecialization();
            $itemspecialization->gw_id = $gw_id;
            $iscResponse = $itemspecialization->getitemspecializationbygwid();
            $iscXml = new SimpleXMLElement($iscResponse);
            $iscCount = $iscXml->Item_Count;
            //need to get the itemspecialization categories for this this general widget 
            if($iscCount != 0)
            {    
                foreach($iscXml->Item as $iscItem)
                {
                    $current_isc_id = $iscItem->isc_id;
                    $itemspecialization->isc_id = $current_isc_id;
                    $itemspecialization->deleteitemspecializationdescriptorbyiscid();
                    $itemspecialization->deleteitemspecializationbyiscid();
                        
                }
                $swResponse = $itemspecialization->getspecificwidgetbygwid();
                $swXml = new SimpleXMLElement($swResponse);
                $swCount = $swXml->Item_Count;
                if($swCount != 0)
                {         
                    foreach($swXml->Item as $swItem)
                    {
                        $current_sw_id = $swItem->sw_id;
                        $itemspecialization->sw_id = $current_sw_id;
                        $itemspecialization->deletespecificwidgetpivotbyswid();
                        $itemspecialization->deletespecificwidgetbyswid();
                    }
                }
            }
            $item = new item();
            $item->gw_id = $gw_id;
            $item->deleteitem();
            
        
        }
        
    }
    public function getallitems()
    {     
        
        $xml_string = "";
        if(isset($this->page))
        {
            $page = $this->page;  
        }
        else
        {
            $page = 1;
        }             
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
        else
        {
            $limit = 3;
        }
          //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                
        
        //Count how many items are in database
        $query = "SELECT count(gw_id) AS Item_Count FROM general_widget";
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();   
        
        $stmt->close();
        $mysqli->close(); 
        
          
        
        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
     
        if($Item_Count != 0)
        {
            $query = "SELECT general_widget.*, categories.category FROM general_widget, categories WHERE categories.category_id=general_widget.category_id ORDER BY categories.category, general_widget.gw_name LIMIT $start, $limit";           
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->execute();
            $stmt->bind_result($gw_id, $gw_name, $category_id, $general_description, $description, $image, $price, $in_stock, $packing, $weight, $category);   

            while ($stmt->fetch()) 
            {
                $xml_string .= "<Item>";
                $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";
                $xml_string .= "<gw_name>" . $gw_name . "</gw_name>";
                $xml_string .= "<category_id>" . $category_id . "</category_id>";
                $xml_string .= "<category>" . $category . "</category>";
                $xml_string .= "<general_description>" . $general_description . "</general_description>";
                $xml_string .= "<description>" . $description . "</description>";
                $xml_string .= "<image>" . $image . "</image>";    
                $xml_string .= "<price>" . $price . "</price>";   
                $xml_string .= "<in_stock>" . $in_stock . "</in_stock>";  
                $xml_string .= "<packing>" . $packing . "</packing>";  
                $xml_string .= "<weight>" . $weight . "</weight>";      
                $xml_string .= "</Item>";
            }            
            $xml_string .= "</xml>";    
        }           
        
        return $xml_string;
    } 
    public function getgeneralitembycategory()
    {   
        $xml_string = "";
        
        if(isset($this->page))
        {
            $page = $this->page;  
        }
        else
        {
            $page = 1;
        }              
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
        else
        {
            $limit = 3;
        }
          //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                
        
        $category_id = $this->category_id;
          
        $query = "SELECT count(*) AS Item_Count FROM general_widget WHERE category_id = ?";       
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $category_id);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 
        
        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        {
            $query = "SELECT categories.category, general_widget.* FROM categories, general_widget WHERE categories.category_id=general_widget.category_id AND general_widget.category_id= ? ORDER BY gw_name LIMIT $start, $limit";         
            
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('i', $category_id);
            $stmt->execute();
            $stmt->bind_result($category, $gw_id, $gw_name, $category_id, $general_description, $description, $image, $price, $in_stock, $packing, $weight);                                                                     

            while ($stmt->fetch()) 
            {    
                $xml_string .= "<Item>";
                $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";
                $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";   
                $xml_string .= "<category_id>" . $category_id . "</category_id>"; 
                $xml_string .= "<category>" . $category . "</category>";    
                $xml_string .= "<gw_name>" . $gw_name . "</gw_name>";
                $xml_string .= "<general_description>" . $general_description . "</general_description>";
                $xml_string .= "<description>" . $description . "</description>";
                $xml_string .= "<image>" . $image . "</image>";
                $xml_string .= "<price>" . $price . "</price>";
                $xml_string .= "<in_stock>" . $in_stock . "</in_stock>";
                $xml_string .= "<packing>" . $packing . "</packing>";
                $xml_string .= "<weight>" . $weight . "</weight>";  
                $xml_string .= "</Item>";
            }                       
        }
        $xml_string .= "</xml>"; 
        return $xml_string;  
    }
    public function getitembycategory()     
    {    
        $xml_string = "";
        $page = 1;
        $limit = 6;    
        if(isset($this->page))
        {
            $page = $this->page;  
        }
       
        $category_id = $this->category_id;
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
       
        $category_id = $this->category_id; 
       
        //Count how many total
        $query = "SELECT count(*) AS Item_Count FROM general_widget WHERE category_id = ? ";           
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $category_id);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

       //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                //if no page var is given, set start to 0
 
        if($Item_Count != 0)
        {  
            
            $query = "SELECT categories.category, general_widget.* FROM categories, general_widget WHERE categories.category_id=general_widget.category_id AND general_widget.category_id= ? ORDER BY gw_name LIMIT $start, $limit";         
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('i', $category_id); 
            $stmt->execute();
            $stmt->bind_result($category, $gw_id, $gw_name, $category_id, $general_description, $description, $image, $price, $in_stock, $packing, $weight);                                                                                     

            while ($stmt->fetch()) 
            {  
                    
                //here is where we check if the item is specialized. if it isnt, then proceed to add nonspec. to xml string, if so, then print different item xml string

                $itemspecialization = new itemspecialization();
                $itemspecialization->gw_id = $gw_id;
                $temp_string = $itemspecialization->getspecificwidgetbygwid();
                $sw_xml = new SimpleXMLElement($temp_string);
                $this_item_count = $sw_xml->Item_Count;
                $this_item_count = (int)$this_item_count;

                if($this_item_count == 0)
                {  
                    $xml_string .= "<Item>";
                    $xml_string .= "<specialized>false</specialized>";
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";   
                    $xml_string .= "<category_id>" . $category_id . "</category_id>"; 
                    $xml_string .= "<category>" . $category . "</category>";    
                    $xml_string .= "<gw_name>" . $gw_name . "</gw_name>";
                    $xml_string .= "<general_description>" . $general_description . "</general_description>";
                    $xml_string .= "<description>" . $description . "</description>";
                    $xml_string .= "<image>" . $image . "</image>";
                    $xml_string .= "<price>" . $price . "</price>";
                    $xml_string .= "<in_stock>" . $in_stock . "</in_stock>";
                    $xml_string .= "<packing>" . $packing . "</packing>"; 
                    $xml_string .= "<weight>" . $weight . "</weight>"; 
                    $xml_string .= "</Item>";
                }
                else
                {      
                    $ssw_build = "";                           
                    foreach($sw_xml->Item as $eachitem_sw)
                    {

                        $this_sw_id = $eachitem_sw->sw_id; 
                        $this_active = $eachitem_sw->active;
                        $this_sw_id = (string)$this_sw_id;   
                        $this_active = (string)$this_active;                              
                        if($this_active != "inactive")
                        {
                            $ssw_build .= "<Item>"; 
                            $this_price = $eachitem_sw->price;
                            $this_qty = $eachitem_sw->qty;
                            $this_image = $eachitem_sw->image;
                            $this_weight = $eachitem_sw->weight;                                    
                            $itemspecialization->sw_id = $this_sw_id;
                            $temp_swp = $itemspecialization->getspecificwidgetpivotbyswid();                                  
                            $swp_xml = new SimpleXMLElement($temp_swp);                                  
                            $isd_id_array = array();
                            $temp_isd_array = array();
                            foreach($swp_xml->Item as $eachitem_swp)
                            {                              
                                $this_isd_id = $eachitem_swp->isd_id;
                                $this_isd_id = (string)$this_isd_id;
                                $itemspecialization->isd_id = $this_isd_id;
                                $temp_isd2 = $itemspecialization->getitemspecializationdescriptorbyisdid();
                                $isd_xml = new SimpleXMLElement($temp_isd2);                                      
                                foreach($isd_xml->Item as $eachitem_isd2)
                                {
                                    $this_descriptor = $eachitem_isd2->descriptor;
                                    $this_descriptor = (string)$this_descriptor;
                                    $isd_id_array[$this_descriptor] = $this_isd_id;
                                    $this_isc_id = $eachitem_isd2->isc_id;
                                            
                                } 
                                $itemspecialization->isc_id = $this_isc_id;
                                $temp_isc = $itemspecialization->getitemspecializationcategorybyiscid();
                                $isc_xml = new SimpleXMLElement($temp_isc);
                                foreach($isc_xml->Item as $eachitem_isc)
                                {
                                    $this_category = $eachitem_isc->category;
                                    $this_category = (string)$this_category;   
                                }
                                $temp_isd_array[$this_category] = $this_descriptor;                                   
                                //sort the array of categorys and descriptors we just built up that correspond to our sw_id
                                ksort($temp_isd_array);
                                $temp_isd_build = ""; 
                                $temp_isd_build .= "<description>";
                  
                            }
                                    
                            foreach($temp_isd_array as $key => $value)
                            {                          
                                $current_category = $key;
                                $current_descriptor = $value;                                           
                                $value_isd_id = $isd_id_array[$current_descriptor];  
                                $temp_isd_build .= "<Item>"; 
                                $temp_isd_build .= "<isd_id>" . $value_isd_id . "</isd_id>";
                                $temp_isd_build .= "<descriptor>" . $current_descriptor . "</descriptor>";
                                $temp_isd_build .= "<category>" . $current_category . "</category>";
                                $temp_isd_build .= "</Item>";   
                            }
                            $temp_isd_build .= "</description>";
                            //we now need to add this temp_isd_build to the ssw xml      
                            $ssw_build .= "<sw_id>" . $this_sw_id . "</sw_id>" . "<price>" . $this_price . "</price>" . "<weight>" . $this_weight . "</weight>" 
                                       . "<qty>" . $this_qty . "</qty>" . "<image>" . $this_image . "</image>" . $temp_isd_build;
                            $ssw_build .= "</Item>";
                        }
                             
                    }            
                            $xml_string .= "<Item>";
                            $xml_string .= "<specialized>true</specialized>";
                            $xml_string .= "<specialization>" . $ssw_build . "</specialization>";
                            $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";   
                            $xml_string .= "<category_id>" . $category_id . "</category_id>"; 
                            $xml_string .= "<category>" . $category . "</category>";    
                            $xml_string .= "<gw_name>" . $gw_name . "</gw_name>";
                            $xml_string .= "<general_description>" . $general_description . "</general_description>";
                            $xml_string .= "<description>" . $description . "</description>";
                            $xml_string .= "<image>" . $image . "</image>";
                            
                            $xml_string .= "<in_stock>" . $in_stock . "</in_stock>";
                            $xml_string .= "</Item>";                                     
                }           
        
                   
            }
            $xml_string .= "</xml>";   
        }
        else
        {
            $xml_string .= '</xml>';
        }  
        return $xml_string;
    }
    public function getitembyid()
    {
        $xml_string = "";  
        //Count how many total
        
        $gw_id = $this->gw_id;
        $query = "SELECT count(gw_id) AS Item_Count FROM general_widget WHERE gw_id = ? ";
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $gw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $gw_id = $this->gw_id;
            
            $query = "SELECT categories.category, general_widget.* FROM general_widget, categories WHERE general_widget.gw_id = ? AND categories.category_id=general_widget.category_id";        
            
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('i', $gw_id); 
            $stmt->execute();
            $stmt->bind_result($category, $gw_id, $gw_name, $category_id, $general_description, $description, $image, $price, $in_stock, $packing, $weight);     

            while ($stmt->fetch()) 
            {
                
                $xml_string .= "<Item>";
                $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";
                $xml_string .= "<gw_name>" . $gw_name . "</gw_name>";
                $xml_string .= "<category_id>" . $category_id . "</category_id>";
                $xml_string .= "<category>" . $category . "</category>";  
                $xml_string .= "<general_description>" . $general_description . "</general_description>";
                $xml_string .= "<description>" . $description . "</description>";
                $xml_string .= "<image>" . $image . "</image>";    
                $xml_string .= "<price>" . $price . "</price>";   
                $xml_string .= "<in_stock>" . $in_stock . "</in_stock>";  
                $xml_string .= "<packing>" . $packing . "</packing>";;    
                $xml_string .= "<weight>" . $weight . "</weight>";    
                $xml_string .= "</Item>";
            }                                
        }
        $xml_string .= "</xml>";   
        return $xml_string;
    }
    public function getitembyname()
    {
         $xml_string = "";
        $title = $this->item_name;
         
         
        //Count how many total
        $query = "SELECT count(*) AS Item_Count FROM general_widget WHERE gw_name LIKE ?";

        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $title);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $title = $this->item_name;

            $query = "SELECT general_widget.*, categories.category FROM general_widget, categories WHERE general_widget.category_id=categories.category_id AND general_widget.gw_name LIKE ?";              
            
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->bind_param('s', $title); 
                $stmt->execute();
                $stmt->bind_result($gw_id, $gw_name, $category_id, $general_description, $description, $image, $price, $in_stock, $packing, $weight, $category);    

                while ($stmt->fetch()) 
                {
                    $xml_string .= "<Item>";
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";
                    $xml_string .= "<gw_name>" . $gw_name . "</gw_name>";
                    $xml_string .= "<category_id>" . $category_id . "</category_id>";
                    $xml_string .= "<category>" . $category . "</category>";
                    $xml_string .= "<general_description>" . $general_description . "</general_description>";
                    $xml_string .= "<description>" . $description . "</description>";
                    $xml_string .= "<image>" . $image . "</image>";    
                    $xml_string .= "<price>" . $price . "</price>";   
                    $xml_string .= "<in_stock>" . $in_stock . "</in_stock>"; 
                    $xml_string .= "<packing>" . $packing . "</packing>";
                    $xml_string .= "<weight>" . $weight . "</weight>";     
                    $xml_string .= "</Item>";
                }            
        
                   
            }
                    
        }
         $xml_string .= "</xml>";   
         return $xml_string;
    }           
    public function updateitem()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
      
            $category_id = $this->category_id;
            $gw_name = $this->item_name;
            $general_description = $this->general_description;
            $description = $this->description; 
            $description = urlencode($description);   
            $image = $this->imageurl;  
            $image = urlencode($image);
            $in_stock = $this->in_stock;  
            $price = $this->price;
            $packing = $this->packing;   
            $weight = $this->weight;  
            $gw_id = $this->gw_id;  
              
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "UPDATE general_widget SET  gw_name = (?), category_id = (?), general_description=(?), description=(?), image=(?), in_stock=(?), price=(?), packing=(?), weight=(?) WHERE gw_id = (?)";                                                                                                                                                                                                                   
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('sisssidsdi', $gw_name, $category_id, $general_description, $description, $image, $in_stock, $price, $packing, $weight, $gw_id); 
            $stmt->execute();
            $number_affected = $stmt->affected_rows;
            $stmt->close();        
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<updated>$number_affected</updated>";    
        $xml_string .= "<gw_id>$gw_id</gw_id>";
        $xml_string .= "</xml>";    
        return $xml_string;        
        
        }  
    public function updatespecializedgeneralitem()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
      
            $category_id = $this->category_id;
            $gw_name = $this->gw_name;
            $general_description = $this->general_description;
            $description = urlencode($this->description);    
            $image = urlencode($this->image);  
            $packing = $this->packing;
            $gw_id = $this->gw_id;  
            
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "UPDATE general_widget SET gw_name = (?), category_id = (?),  general_description=(?), description=(?), image=(?), packing=(?) WHERE gw_id = (?)";                                                                                                                                                                                                                   
            $stmt = $mysqli_conn->prepare($query);  
           
            //echo '<br/><br />' . $query . "<br /><br />";              
            $stmt->bind_param('sissssi', $gw_name, $category_id, $general_description, $description, $image, $packing, $gw_id); 
            $stmt->execute();
            $number_affected = $stmt->affected_rows;
            $stmt->close();
        }        

        $xml_string .= "<xml>";        
        $xml_string .= "<updated>$number_affected</updated>";    
        $xml_string .= "<gw_id>$gw_id</gw_id>";
        $xml_string .= "</xml>";     
        return $xml_string;       
        
    }                            
}

class itemcategory 
{
    public $category;
    public $category_id;    
    public $description;
    public $image;       
    public $parent_category_id;
    private $site_dbName;
    private $site_dbPassword;   
    private $site_dbServer;
    private $site_dbUser;
    
    
    function __construct()
    {
                $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password;
    }

    public function additemcategory()  
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
        
        
           
            $parent_category_id = $this->parent_category_id;
        
            
            $category_name = $this->category;
            $description = $this->description;
          
            

                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());    
                //sql insert that is used if this is not a parent category
                $query = "INSERT INTO categories(category, description, parent_category_id) VALUES (?,?,?)";
                $stmt = $mysqli_conn->prepare($query);  
                $stmt->bind_param('ssi', $category_name, $description, $parent_category_id);                                                                                                                                               
                $stmt->execute();
                $added = $stmt->affected_rows;
                $stmt->close(); 

        }  
            $xml_string .= "<xml>";        
            $xml_string .= "<added>$added</added>";    
            $xml_string .= "</xml>";   
            return $xml_string;         
        
    }    
    public function deletecategorybycategoryid()  
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();

         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            
             //Bind information to prevent sql injection attacks
           
            $query = "DELETE FROM categories WHERE category_id = ?";      
            $stmt = $mysqli->prepare($query);                 
            $stmt->bind_param('i', $this->category_id); 
            $stmt->execute();
            echo 'successful';   
        }
        $stmt->close();
        $mysqli->close();
    }    
    public function deleteitemcategory()  
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
           //this is the master function that gets the lowest category. i start with the highest one then go to lowest. 

           $this->categoryandassociateddatadeleter();
        }
    }
    public function findchildcategory() 
    {             
               $category_id = $this->category_id;
               $query="SELECT * FROM categories WHERE parent_category_id=?";
               $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());                                                                                                                                                                                                                                                                        

               $stmt = $mysqli_conn->prepare($query);                 
               $stmt->bind_param('i', $category_id); 
               $stmt->execute();
              
               $stmt->bind_result($category_id, $category, $description, $parent_category_id, $image);
               $num_rows = $mysqli_conn->affected_rows;      
               
               
               $child_categories_array = array();
               $numcounter = 0;  
               if($num_rows != 0)
               { 
                   while($stmt->fetch())
                   {         
                        (int)$category_id = $category_id;
                        $child_categories_array[$numcounter]=$category_id;    
                        $numcounter++;              
                   }                                         
                }  
              $stmt->close();
              $mysqli_conn->close();
              return $child_categories_array;              
    }
    public function getallitemcategories()
    {      
        $xml_string = "";          
        //Count how many total
        $query = "SELECT count(category_id) AS Item_Count FROM categories";
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);     
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 
        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

         
        
        if($Item_Count != 0)
        {   
            $query = "SELECT * FROM categories ORDER BY category";                    
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->execute();
                $stmt->bind_result($category_id, $category, $description, $parent_category_id, $image);   

                while ($stmt->fetch()) 
                {                      
                  
                    $xml_string .= "<Item>";
                    $xml_string .= "<category_id>" . $category_id . "</category_id>";
                    $xml_string .= "<category>" . $category . "</category>";
                    $xml_string .= "<description>" . $description . "</description>";  
                    $xml_string .= "<parent_category_id>" . $parent_category_id . "</parent_category_id>";  
                    $xml_string .= "</Item>";
                }
            }                      
        }              
        $xml_string .= "</xml>";        
        return $xml_string;       
    }                 
    public function getcategorybycategoryid()
    {    
        $xml_string = "";
        $category_id = $this->category_id;    
         /// This is used for POSTting items by ID, used by my makeshift ui       
        //Count how many total
        $query = "SELECT count(category_id) AS Item_Count FROM categories WHERE category_id = ?";
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $category_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
                    
            $query = "SELECT * FROM categories WHERE category_id = ? ORDER BY category";
            
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->bind_param('i', $category_id); 
                $stmt->execute();
                $stmt->bind_result($category_id, $category, $description, $parent_category_id, $image);   

                while ($stmt->fetch()) 
                {                   
                    $xml_string .= "<Item>";
                    $xml_string .= "<category_id>" . $category_id . "</category_id>";
                    $xml_string .= "<category>" . $category . "</category>";
                    $xml_string .= "<description>" . $description . "</description>";  
                    $xml_string .= "<parent_category_id>" . $parent_category_id . "</parent_category_id>";  
                    $xml_string .= "<image>" . $image . "</image>";   
                    $xml_string .= "</Item>";
                }  
            }              
        }
              
        $xml_string .= "</xml>"; 
        return $xml_string;       
        
    }   
    public function getmaincategories()
    {
        $query = "SELECT COUNT(category_id) AS Item_Count FROM categories WHERE parent_category_id IS NULL OR parent_category_id = '0'";         
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $xml_string = "";
        $xml_string .= "<xml>";
        $xml_string .="<Item_Count>";
        while($stmt->fetch())
        {
            $Item_Count = $Item_Count;
        } 
        $xml_string .= $Item_Count . "</Item_Count>";  
        if($Item_Count > 0)
        {
            $query = "SELECT * FROM categories WHERE parent_category_id IS NULL OR parent_category_id = '0' ORDER BY category"; 
            $stmt = $mysqli->prepare($query);
            $stmt->execute();
            $stmt->bind_result($category_id, $category, $description, $parent_category_id, $image);
            while($stmt->fetch())
            {
                $xml_string .= "<Item>";
                $xml_string .= "<category_id>" . $category_id . "</category_id>";
                $xml_string .= "<category>" . $category . "</category>";
                $xml_string .= "<description>" . $description . "</description>";
                $xml_string .= "<parent_category_id>" . $parent_category_id . "</parent_category_id>";
                $xml_string .= "<image>" . $image . "</image>";
                $xml_string .= "</Item>"; 
            }
            $xml_string .= "</xml>";
        }
        return $xml_string;
                  
    }   
    public function getchildcategories()
    {
        $category_id = $this->category_id;
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
        $query = "SELECT COUNT(category_id) AS Item_Count FROM categories WHERE parent_category_id = ?";
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $category_id);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $xml_string = "";
        $xml_string .= "<xml>";
        $xml_string .="<Item_Count>";
        while($stmt->fetch())
        {
            $Item_Count = $Item_Count;
        } 
        $xml_string .= $Item_Count . "</Item_Count>";  
        if($Item_Count > 0)
        {
            $query = "SELECT * FROM categories WHERE parent_category_id = ? ORDER BY category"; 
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('i', $category_id);
            $stmt->execute();
            $stmt->bind_result($category_id, $category, $description, $parent_category_id, $image);
            while($stmt->fetch())
            {
                $xml_string .= "<Item>";
                $xml_string .= "<category_id>" . $category_id . "</category_id>";
                $xml_string .= "<category>" . $category . "</category>";
                $xml_string .= "<description>" . $description . "</description>";
                $xml_string .= "<parent_category_id>" . $parent_category_id . "</parent_category_id>";
                $xml_string .= "<image>" . $image . "</image>";
                $xml_string .= "</Item>"; 
            }
           
        }
        $xml_string .= "</xml>";  
        return $xml_string;
        
    }
    public function categoryandassociateddatadeleter()
    {          
       $category_id = $this->category_id;
                
       $item = new item();
       $itemcategory = new itemcategory();
       $itemspecialization = new itemspecialization();               
       $itemcategory->category_id = $category_id;
            
       //now we take the category id and find out if there are any subcategories on it. i think this top down method of deletion will work.
       $array = $itemcategory->findchildcategory();
       $numcounter = count($array);  
 
        if($numcounter != 0)
        {                   
                  
            foreach($array as $value)
            { 
                $subcategory_id = $value;
                $itemcategory->category_id = $subcategory_id;
                $itemcategory->categoryandassociateddatadeleter();
            }
        }              
        //must find all generalitem and specific items for this category and process them               
        //first we should get all the general widgets for this category
        $item->category_id = $category_id;
        $getResponse = $item->getgeneralitembycategory();
        $xml = new SimpleXMLElement($getResponse);
        $gw_count = $xml->Item_Count;
        if($gw_count != 0)
        {
            foreach($xml->Item as $gwItem)
            {                       
                $current_gw_id = $gwItem->gw_id;                        
                //get all specific widgets that correlate to this gwidget and delete them
                $itemspecialization->gw_id = $current_gw_id;
                $sw_getResponse = $itemspecialization->getspecificwidgetbygwid();
                $sw_xml = new SimpleXMLElement($sw_getResponse);
                $sw_count = $sw_xml->item_count;
                if($sw_count != 0)
                {
                    foreach($sw_xml->Item as $swItem)
                    {
                        $current_sw_id = $swItem->sw_id;
                        //must delete all specific widgets pivot entries for this specific widget
                        $itemspecialization->sw_id = $current_sw_id;
                        $itemspecialization->deletespecificwidgetpivotbyswid();
                        //must delete all specific widgets we iterate through
                        $itemspecialization->deletespecificwidgetbyswid();
                    }
                }
                //must get all itemspecialization categories for each general widget so we can delete specific widgets and sw descriptors
                $iscResponse = $itemspecialization->getitemspecializationbygwid();
                $iscXml = new SimpleXMLElement($iscResponse);                           
                foreach($iscXml->Item as $iscItem)
                {
                    $current_isc_id = $iscItem->isc_id;
                    $itemspecialization->isc_id = $current_isc_id;
                    //delete all item specialization descriptors for this item specialization category
                    $itemspecialization->deleteitemspecializationdescriptorbyiscid();
                    //delete this iteration of item specialization categories for this general widget
                    $itemspecialization->deleteitemspecializationbyiscid();                              
                }                         
                //delete each general widget that we iterate through for this category;
                $item->gw_id = $current_gw_id;
                $item->deleteitem();
                                    
            }         
                            
        }               
        //must delete this category
        $itemcategory->category_id = $category_id;
        $itemcategory->deletecategorybycategoryid();
                           
                  
    }
    public function updateitemcategory()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {
            $category = $this->category;
            $description = $this->description;
            $category_id = $this->category_id; 
            $category_id = (int)$category_id;
            $parent_category_id = $this->parent_category_id;    
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
            // Update the Category in the System
            $query = "UPDATE categories SET category = (?), description = (?), parent_category_id = (?) WHERE category_id = (?)";           
            $stmt = $mysqli_conn->prepare($query);
            $stmt->bind_param('ssii', $category, $description, $parent_category_id, $category_id);
            $stmt->execute();
            $stmt->close();   
            $mysqli_conn->close();
       
            if($parent_category_id == "")
            {   
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword);
                // Update the Category in the System
                $query = "UPDATE categories SET parent_category_id = (NULL) WHERE category_id = ?";
                // Update the Item in the System
                
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                $stmt->bind_param('i', $category_id);
                $stmt->execute();                  
            }          
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<added>1</added>";    
        $xml_string .= "<category_id>$category_id</category_id>";
        $xml_string .= "</xml>";            
        return $xml_string;        
    } 
} 

class itemspecialization
{    
    public $category;  
    public $descriptor;    
    public $gw_id; 
    public $image;
    public $isc_id;
    public $isd_id; 
    public $price;
    public $qty;
    private $site_dbName;
    private $site_dbPassword; 
    private $site_dbServer;            
    private $site_dbUser;
    public $sw_id;
    public $weight;
    
    
    function __construct()
    {
        $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password; 
    }
    public function activatespecificitem()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {            
            $sw_id = $this->sw_id;  
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
            // Update the Category in the System
            $query = "UPDATE specific_widget SET active = ('active') WHERE sw_id = (?)";
            
            $stmt = $mysqli_conn->prepare($query);
            $stmt->bind_param('s', $sw_id);
            $stmt->execute();
            $stmt->close();   
            $mysqli_conn->close();
        }
           
        $xml_string .= "<xml>";        
        $xml_string .= "<added>1</added>";    
        $xml_string .= "<sw_id>$sw_id</sw_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }
    public function additemspecializationcategory()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
        
            $gw_id = $this->gw_id;
            $category = $this->category;  
            
            $stringGenerator = new stringgenerator();
            $isc_id = $stringGenerator->generaterandomstring();
            
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
            $query = "INSERT INTO item_specialization(isc_id, gw_id, category) VALUES(?,?,?)";       
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('sis', $isc_id, $gw_id, $category); 
            $stmt->execute();
            $item_id = $stmt->insert_id;
            $stmt->close();
            $mysqli_conn->close();                
        } 
        $xml_string .= "<xml>";    
        $xml_string .= "<added>1</added>";      
        $xml_string .= "<item_id>$isc_id</item_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    } 
    public function additemspecializationdescriptor()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
     
            $isc_id = $this->isc_id;
            $descriptor = $this->descriptor;   
            //add our descriptor id here isd_id
            $stringGenerator = new stringgenerator();
            $isd_id = $stringGenerator->generaterandomstring();
            
           
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
            $query = "INSERT INTO item_specialization_descriptors(isd_id, isc_id, descriptor) VALUES(?,?,?)";       
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('sss', $isd_id, $isc_id, $descriptor); 
            $stmt->execute();
            $item_id = $stmt->insert_id;
            $stmt->close();    
            $mysqli_conn->close(); 
        }
        $xml_string .= "<xml>";    
        $xml_string .= "<added>1</added>";      
        $xml_string .= "<isd_id>$isd_id</isd_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    } 
    public function createspecificitems()
    {
        $xml_string = "";
        $gw_id = $this->gw_id;
        $gw_id = (int) $gw_id;
        
        $query = "SELECT count(*) AS item_count FROM item_specialization WHERE gw_id= ?";

        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $gw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $select_builder = "SELECT";
            $from_crossjoin_builder = "";
            $query = "SELECT * from item_specialization WHERE gw_id= ?";        
            // Connect to the server and select a database
           
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

            $stmt->bind_param('i', $gw_id); 
            $stmt->execute();
            $stmt->bind_result($id, $isc_id, $gw_id, $category);   
            $looped = 0;
            $cat_name_array = array();
            while ($stmt->fetch()) 
            { 

                //need to build our sql statements   
                $cat_name_array[$looped] = $category;
                $category = str_replace(" ", "", $category);
                $current_cat_id_builder = "id" . $looped;
                $current_cat_descriptor_builder = "descriptor" . $looped;                
                if($looped == 0)
                {
                    $select_builder .= " $category.isd_id $current_cat_id_builder, $category.descriptor $current_cat_descriptor_builder ";                      
                    $from_crossjoin_builder .= "FROM(SELECT isd.isd_id, isd.descriptor FROM item_specialization_descriptors isd LEFT JOIN item_specialization ispec on ispec.isc_id = isd.isc_id WHERE ispec.id = '$id') $category ";                        
                }
                else
                {
                    $select_builder .= ", $category.isd_id $current_cat_id_builder, $category.descriptor $current_cat_descriptor_builder ";                     
                    $from_crossjoin_builder .= "CROSS JOIN(SELECT isd.isd_id, isd.descriptor FROM item_specialization_descriptors isd LEFT JOIN item_specialization ispec on ispec.isc_id = isd.isc_id WHERE ispec.id = '$id') $category ";                        
                }
                    
                    $looped++;   
            }
            $stmt->close();
            $mysqli->close();        
            $sql_query = $select_builder . $from_crossjoin_builder;        
            $dbh = mysqli_connect($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
            if($result = mysqli_query($dbh, $sql_query))
            {
                 
                 while($row = mysqli_fetch_assoc($result))
                 {
                      $stringGenerator = new stringgenerator();
                      $specific_widget_random_id = $stringGenerator->generaterandomstring(10);
                      $specific_widget_random_id = (string)$gw_id . "SWIDGET" . $specific_widget_random_id;
                   
                      $dbh2 = mysqli_connect($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                      
                      $specific_widget_query = "INSERT INTO specific_widget (active, gw_id, sw_id) VALUES ('inactive', '$gw_id', '$specific_widget_random_id')";
                     
                      if($sw_result = mysqli_query($dbh2, $specific_widget_query))
                      {
                          $tmp_int = 0;
                          while($tmp_int != $looped)
                          {
                               $current_cat_id_builder = "id" . $tmp_int;
                               $current_cat_descriptor_builder = "descriptor" . $tmp_int;                              
                               $current_id = $row[$current_cat_id_builder];
                               $current_descriptor = $row[$current_cat_descriptor_builder];                           
                               $specific_widget_pivot_query = "INSERT INTO specific_widget_pivot (sw_id, isd_id) VALUES ('$specific_widget_random_id', '$current_id')";
                               $sw_pivot_result = mysqli_query($dbh2, $specific_widget_pivot_query);                              
                               $tmp_int++;
                          }
                          
                     }
                     else
                     {
                        echo mysqli_error() . "<br />";
                     }
                      
                  } 
               }
               $dbh->close();
               $dbh2->close();
               mysqli_free_result($result);
              
            }                      
        }  
    }
    public function createspecificitemsfromitemspecializationdescriptor()
    {
        
        $gw_id = (int) $this->gw_id;
        $changed_isc_id = $this->isc_id;
        $added_isd_id = $this->isd_id;            
        $dbh = mysqli_connect($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());            
        //here we get our isd_id's from itemspecialization_descriptor table and build a concat. query string that will leave out the other descriptors from this              //category
        $it_sp_cat_query = "SELECT * FROM item_specialization_descriptors WHERE isc_id = '$changed_isc_id' AND isd_id != '$added_isd_id'";           
        $stmt = mysqli_stmt_init($dbh);
        // Prepare statement, bind result variables, execute and place results into bound result variables
            
        $isd_id_array = array();
        $array_counter = 0;
        $isd_exclusion_concat = "";
        if (mysqli_stmt_prepare($stmt, $it_sp_cat_query)) 
        {
            mysqli_stmt_bind_result($stmt, $current_id, $current_isd_id, $current_isc_id, $current_descriptor);
            mysqli_stmt_execute($stmt); 
            while (mysqli_stmt_fetch($stmt)) 
            {                 
                $isd_id_array[$array_counter] = $current_isd_id;
                $array_counter++; 
            }  
            $temporary_int = 0;
            while($temporary_int != $array_counter)
            {
                $curr_isd_id = $isd_id_array[$temporary_int];
                $isd_exclusion_concat .= " AND isd_id != '$curr_isd_id'";
                $temporary_int++;
            }              
            $select_builder = "SELECT";
            $from_crossjoin_builder = "";
            $query = "SELECT * from item_specialization WHERE gw_id='$gw_id'";        
            // Connect to the server and select a database
            // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
            $stmt = mysqli_stmt_init($dbh);
            // Prepare statement, bind result variables, execute and place results into bound result variables
            if (mysqli_stmt_prepare($stmt, $query)) 
            {
                mysqli_stmt_bind_result($stmt, $id, $isc_id, $gw_id, $category);
                mysqli_stmt_execute($stmt);                    
                $looped = 0;
                $cat_name_array = array();             
                //this while loop goes through each item_specialization for the general widget and builds a sql string that will take each item_specialization category, 
                //find its associated item_specialization descriptors and build a CROSS JOIN sql code that will return all possible combinations of category descriptors
                // we will then use this data to create an entry into specific_widget table for each row returned, and after recieving the specific widget id returned, 
                //add all the specialization category descriptors for each sql row returned to the specific_widget_pivot table.
                while (mysqli_stmt_fetch($stmt)) 
                {
                    //need to build our sql statements   
                    $cat_name_array[$looped] = $category;
                    $category = str_replace(" ", "", $category);
                    $current_cat_id_builder = "id" . $looped;
                    $current_cat_descriptor_builder = "descriptor" . $looped;                                            
                    if($looped == 0)
                    {
                        $select_builder .= " $category.isd_id $current_cat_id_builder, $category.descriptor $current_cat_descriptor_builder ";                          
                        $from_crossjoin_builder .= "FROM(SELECT isd.isd_id, isd.descriptor FROM item_specialization_descriptors isd LEFT JOIN item_specialization ispec on ispec.isc_id = isd.isc_id WHERE ispec.id = '$id' $isd_exclusion_concat) $category ";                           
                    }
                    else
                    {
                        $select_builder .= ", $category.isd_id $current_cat_id_builder, $category.descriptor $current_cat_descriptor_builder ";                           
                        $from_crossjoin_builder .= "CROSS JOIN(SELECT isd.isd_id, isd.descriptor FROM item_specialization_descriptors isd LEFT JOIN item_specialization ispec on ispec.isc_id = isd.isc_id WHERE ispec.id = '$id' $isd_exclusion_concat) $category ";                           
                    }
                        
                    $looped++;   
                }        
                $sql_query = $select_builder . $from_crossjoin_builder;    
                mysqli_stmt_close($stmt);                    
                $dbh = mysqli_connect($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                if($result = mysqli_query($dbh, $sql_query))
                {                     
                    while($row = mysqli_fetch_assoc($result))
                    {        
                        $stringGenerator = new stringgenerator();
                        $specific_widget_random_id = $stringGenerator->generaterandomstring(10);
                        $specific_widget_random_id = (string)$gw_id . "SWIDGET" . $specific_widget_random_id;                       
                        $dbh2 = mysqli_connect($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());                         
                        $specific_widget_query = "INSERT INTO specific_widget (active, gw_id, sw_id) VALUES ('inactive', '$gw_id', '$specific_widget_random_id')";
                         // echo $specific_widget_query . "<br />";
                         if($sw_result = mysqli_query($dbh2, $specific_widget_query))
                         {
                            $tmp_int = 0;
                            while($tmp_int != $looped)
                            {
                                $current_cat_id_builder = "id" . $tmp_int;
                                $current_cat_descriptor_builder = "descriptor" . $tmp_int;
                                $current_id = $row[$current_cat_id_builder];
                                $current_descriptor = $row[$current_cat_descriptor_builder];         
                                $specific_widget_pivot_query = "INSERT INTO specific_widget_pivot (sw_id, isd_id) VALUES ('$specific_widget_random_id', '$current_id')";           
                                $sw_pivot_result = mysqli_query($dbh2, $specific_widget_pivot_query);                                
                                $tmp_int++;
                              }
                         }
                         else
                         {
                            echo mysqli_error() . "<br />";
                         }                        
                    } 
                }
                mysqli_free_result($result);
            }
                       
        }
        else
        {
            echo 'Error Creating Item Specialization';
        }  
    }
    public function deactivatespecificitem()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            
            $sw_id = $this->sw_id;
      
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
            // Update the Category in the System
            $query = "UPDATE specific_widget SET active = ('inactive') WHERE sw_id = (?)";
            
            $stmt = $mysqli_conn->prepare($query);
            $stmt->bind_param('s', $sw_id);
            $stmt->execute();
               
            $stmt->close();   
            $mysqli_conn->close();
        }
           
        $xml_string .= "<xml>";        
        $xml_string .= "<added>1</added>";    
        $xml_string .= "<sw_id>$sw_id</sw_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }
    public function deleteisdandrelateddata()
    {
        
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     

            $isd_id = $this->isd_id;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            
            $query = "DELETE FROM item_specialization_descriptors WHERE isd_id = (?)";
            $stmt = $mysqli_conn->prepare($query); 
                              
            $stmt->bind_param('s', $isd_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close();
            
            if($number_deleted == 1)
            {    
                $query = "SELECT * FROM specific_widget_pivot WHERE isd_id = (?)";
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('s', $isd_id);
                $stmt->execute();
                
                $stmt->bind_result($id, $sw_id, $isd_id);
              
                while($stmt->fetch())
                {
                   
                    $mysqli_conn2 = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
                    $query = "DELETE FROM specific_widget WHERE sw_id = (?)";
                    $stmt_delete = $mysqli_conn2->prepare($query); 
                                  
                    $stmt_delete->bind_param('s', $sw_id); 
                    $stmt_delete->execute();
                    $number_deleted = $stmt_delete->affected_rows;
                   
                    $query = "DELETE FROM specific_widget_pivot WHERE sw_id = (?)";
                    $stmt_delete = $mysqli_conn2->prepare($query);                 
                    $stmt_delete->bind_param('s', $sw_id); 
                    $stmt_delete->execute();
                    $number_deleted = $stmt_delete->affected_rows;
                    $stmt_delete->close();               
                }
                
                $stmt->close();   
                $mysqli_conn->close();
                $mysqli_conn2->close();
            }     
        }  
            
            
            
        
    }  
    public function deleteitemspecializationandrelateddatabyiscid() 
    {
        
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        { 
            $isc_id = $this->isc_id;
            $gw_id = $this->gw_id;
            
            //first we get all item_specialization for this gw_id and then all isc_id's related.
            $query = "SELECT * FROM item_specialization WHERE gw_id = (?)";
            $mysqli_connect = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $stmt1 = $mysqli_connect->prepare($query);                 
            $stmt1->bind_param('s', $gw_id);
            $stmt1->execute();
                
            $stmt1->bind_result($id, $is_isc_id, $gw_id, $category);
              
            while($stmt1->fetch())
            {    
                $query = "SELECT * FROM item_specialization_descriptors WHERE isc_id = (?)";
                $mysqli_connect2 = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
                $stmt2 = $mysqli_connect2->prepare($query);                 
                $stmt2->bind_param('s', $is_isc_id);
                $stmt2->execute();
                    
                $stmt2->bind_result($id, $isd_isd_id, $isd_isc_id, $descriptor);
                  
                while($stmt2->fetch())
                { 

                    //Bind information to prevent sql injection attacks
                    $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
                    
                    $query = "SELECT * FROM specific_widget_pivot WHERE isd_id = (?)";
                    $stmt = $mysqli_conn->prepare($query);                 
                    $stmt->bind_param('s', $isd_isd_id);
                    $stmt->execute();
                        
                    $stmt->bind_result($id, $swp_sw_id, $swp_isd_id);
                      
                    while($stmt->fetch())
                    {
                       
                        $mysqli_conn2 = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
                        $query = "DELETE FROM specific_widget WHERE sw_id = (?)";
                        $stmt_delete = $mysqli_conn2->prepare($query); 
                                          
                        $stmt_delete->bind_param('s', $swp_sw_id); 
                        $stmt_delete->execute();
                        $number_deleted = $stmt_delete->affected_rows;
                           
                        $query = "DELETE FROM specific_widget_pivot WHERE sw_id = (?)";
                        $stmt_delete = $mysqli_conn2->prepare($query);                 
                        $stmt_delete->bind_param('s', $swp_sw_id); 
                        $stmt_delete->execute();
                        $number_deleted = $stmt_delete->affected_rows;
                        $stmt_delete->close();               
                    }
                        
                    $stmt->close();   
                    $mysqli_conn->close();                       
                 }                 
            }   

            
            //need to delete all isd's relating to the category being deleted and delete the category
             $mysqli_conn2 = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
             $query = "DELETE FROM item_specialization WHERE isc_id = (?)";
             $stmt_delete = $mysqli_conn2->prepare($query); 
                                          
             $stmt_delete->bind_param('s', $isc_id); 
             $stmt_delete->execute();
             $number_deleted = $stmt_delete->affected_rows;
                           
            $query = "DELETE FROM item_specialization_descriptors WHERE isc_id = (?)";
             $stmt_delete = $mysqli_conn2->prepare($query);                 
             $stmt_delete->bind_param('s', $isc_id); 
             $stmt_delete->execute();
             $number_deleted = $stmt_delete->affected_rows;
             $stmt_delete->close();  
             $mysqli_conn2->close();             
            
       }

        
        
        
    }
    public function deleteitemspecializationbyiscid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
        
            $isc_id = $this->isc_id;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM item_specialization WHERE isc_id = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('s', $isc_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close();        
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "<gw_id>$isc_id</gw_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }
    public function deleteitemspecializationdescriptorbyiscid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
        
            $isc_id = $this->isc_id;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM item_specialization_descriptors WHERE isc_id = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('s', $isc_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close();        
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "<isc_id>$isc_id</isc_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }
    public function deletespecificwidgetbyswid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
        
            $sw_id = $this->sw_id;                  
            //Bind information to prevent sql injection attacks.
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM specific_widget WHERE sw_id = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('s', $sw_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close();        
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "<sw_id>$sw_id</sw_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }
    public function deletespecificwidgetpivotbyswid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
        
            $sw_id = $this->sw_id;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM specific_widget_pivot WHERE sw_id = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('s', $sw_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close();  
            $mysqli_conn->close();      
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "<sw_id>$sw_id</sw_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }
    public function getactivespecificwidgetbygwid()
    {   
        $xml_string = "";
        /// This method is used for getting items by ID, used by my makeshift ui      
        //Count how many total
        $gw_id = $this->gw_id;
        
        $query = "SELECT count(*) AS item_count FROM specific_widget WHERE gw_id= ? AND active='active'";

        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $gw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
         
            $query = "SELECT * from specific_widget WHERE gw_id= ? AND active='active'";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->bind_param('i', $gw_id); 
                $stmt->execute();
                $stmt->bind_result($id, $active, $gw_id, $sw_id, $image, $weight, $price, $qty);   

                while ($stmt->fetch()) 
                {

                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<active>" . $active . "</active>";
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";  
                    $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";
                    $xml_string .= "<image>" . $image . "</image>";
                    $xml_string .= "<weight>" . $weight . "</weight>";
                    $xml_string .= "<price>" . $price . "</price>";
                    $xml_string .= "<qty>" . $qty . "</qty>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();  
                $mysqli->close();                     
            }                       
        }
        $xml_string .= "</xml>";   
        return $xml_string;
    }
    public function getinactivespecificwidgetbygwid()
    {   
        $xml_string = "";  
        //Count how many total
        $gw_id = $this->gw_id;
        
        $query = "SELECT count(*) AS item_count FROM specific_widget WHERE gw_id= ? AND active='inactive'";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $gw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
         
            $query = "SELECT * from specific_widget WHERE gw_id= ? AND active='inactive'";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->bind_param('i', $gw_id); 
                $stmt->execute();
                $stmt->bind_result($id, $active, $gw_id, $sw_id, $image, $weight, $price, $qty);   

                while ($stmt->fetch()) 
                { 
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<active>" . $active . "</active>";
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";  
                    $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";
                    $xml_string .= "<image>" . $image . "</image>";
                    $xml_string .= "<weight>" . $weight . "</weight>";
                    $xml_string .= "<price>" . $price . "</price>";
                    $xml_string .= "<qty>" . $qty . "</qty>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();
            }                      
        }
        $xml_string .= "</xml>";   
        return $xml_string;
    }
    function getitemspecializationbygwid()
    {       
            $is_build = "";    
            $gw_id = $this->gw_id; 
            $query = "SELECT count(gw_id) AS Item_Count FROM item_specialization WHERE gw_id= ?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('i', $gw_id);      
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $is_build .= "<xml>";
            $is_build .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
               
                $query = "SELECT * from item_specialization WHERE gw_id= ? ORDER BY id;";        
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {

                    $stmt->bind_param('i', $gw_id); 
                    $stmt->execute();
                    $stmt->bind_result($id, $isc_id, $gw_id, $category);   

                    while ($stmt->fetch()) 
                    {        
                        $is_build .= "<Item>";
                        $is_build .= "<id>" . $id . "</id>"; 
                        $is_build .= "<isc_id>" . $isc_id . "</isc_id>";  
                        $is_build .= "<gw_id>" . $gw_id . "</gw_id>";
                        $is_build .= "<category>" . $category . "</category>";
                        $is_build .= "</Item>";
                    }            
                    $stmt->close(); 
                    $mysqli->close();         
                }
                            
            }
            $is_build .= "</xml>"; 
            return $is_build;  
                
    }
    public function getitemspecializationcategorybygwid()
    {
        
        $xml_string = "";
     
        //Count how many total
        $gw_id = $this->gw_id;
        $query = "SELECT count(gw_id) AS Item_Count FROM item_specialization WHERE gw_id= ?";

      
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $gw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $gw_id = $this->gw_id;
            $query = "SELECT * from item_specialization WHERE gw_id= ? ORDER BY id;";        
            
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {
                $stmt->bind_param('i', $gw_id); 
                $stmt->execute();
                $stmt->bind_result($id, $isc_id, $gw_id, $category);   
                while ($stmt->fetch()) 
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<isc_id>" . $isc_id . "</isc_id>";  
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";
                    $xml_string .= "<category>" . $category . "</category>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();
            }
                        
        }
         $xml_string .= "</xml>"; 
         return $xml_string;  
    }
    public function getitemspecializationcategorybyiscid()
    {
        
        $xml_string = "";
        /// This method is used for getting items by ID, used by my makeshift ui      
        //Count how many total
        $isc_id = $this->isc_id;
        $query = "SELECT count(isc_id) AS Item_Count FROM item_specialization WHERE isc_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $isc_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $isc_id = $this->isc_id;
            $query = "SELECT * from item_specialization WHERE isc_id= ?";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {
                $stmt->bind_param('s', $isc_id); 
                $stmt->execute();
                $stmt->bind_result($id, $isc_id, $gw_id, $category);   

                while ($stmt->fetch()) 
                {  
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<isc_id>" . $isc_id . "</isc_id>";  
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";
                    $xml_string .= "<category>" . $category . "</category>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();                        
            }                        
        }
         $xml_string .= "</xml>";  
         return $xml_string; 
    }
    public function getitemspecializationdescriptorbyiscid()
    {
         
        $xml_string = "";
        /// This method is used for getting items by ID, used by my makeshift ui      
        //Count how many total
        $isc_id = $this->isc_id;
        $query = "SELECT count(isc_id) AS Item_Count FROM item_specialization_descriptors WHERE isc_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $isc_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $gw_id = $this->gw_id;
            $query = "SELECT * from item_specialization_descriptors WHERE isc_id= ? ORDER by id";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {
                $stmt->bind_param('s', $isc_id); 
                $stmt->execute();
                $stmt->bind_result($id, $isd_id, $isc_id, $descriptor);   
                while ($stmt->fetch()) 
                {  
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $isd_id . "</id>"; 
                    $xml_string .= "<isc_id>" . $isc_id . "</isc_id>";  
                    $xml_string .= "<descriptor>" . $descriptor . "</descriptor>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();                       
            }
                        
        }
         $xml_string .= "</xml>";   
         return $xml_string;
    }
    public function getitemspecializationdescriptorbyisdid()
    {
         
        $xml_string = "";
        /// This method is used for getting items by ID, used by my makeshift ui      
        //Count how many total
        $isd_id = $this->isd_id;
        $query = "SELECT count(isc_id) AS Item_Count FROM item_specialization_descriptors WHERE isd_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $isd_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $query = "SELECT * from item_specialization_descriptors WHERE isd_id= ? ORDER by descriptor";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->bind_param('s', $isd_id); 
                $stmt->execute();
                $stmt->bind_result($id, $isd_id, $isc_id, $descriptor);   

                while ($stmt->fetch()) 
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<isd_id>" . $isd_id . "</isd_id>"; 
                    $xml_string .= "<isc_id>" . $isc_id . "</isc_id>";  
                    $xml_string .= "<descriptor>" . $descriptor . "</descriptor>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close(); 
                       
            }
                        
        }
         $xml_string .= "</xml>";   
         return $xml_string;
    }
    public function getisdidbyspecificwidgetid()
    {
         
        $xml_string = "";
        /// This method is used for getting items by ID, used by my makeshift ui      
        //Count how many total
        $sw_id = $this->sw_id;
        $query = "SELECT count(sw_id) AS Item_Count FROM specific_widget_pivot WHERE sw_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $sw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
            $sw_id = $this->sw_id;
            $query = "SELECT * from specific_widget_pivot WHERE sw_id= ?";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {   
                $stmt->bind_param('s', $sw_id); 
                $stmt->execute();
                $stmt->bind_result($id, $sw_id, $isd_id);   

                while ($stmt->fetch()) 
                { 
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";  
                    $xml_string .= "<isd_id>" . $isd_id . "</isd_id>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();                        
            }                      
        }
         $xml_string .= "</xml>";   
         return $xml_string;
    }
    public function getspecificwidgetbygwid()
    {
        
        $xml_string = "";
        //Count how many total
        $gw_id = $this->gw_id;
        
        $query = "SELECT count(gw_id) AS item_count FROM specific_widget WHERE gw_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $gw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        {   
            $query = "SELECT * from specific_widget WHERE gw_id= ?";        
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {    
                $stmt->bind_param('i', $gw_id); 
                $stmt->execute();
                $stmt->bind_result($id, $active, $gw_id, $sw_id, $image, $weight, $price, $qty);   

                while ($stmt->fetch()) 
                {  
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<active>" . $active . "</active>";
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";  
                    $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";
                    $xml_string .= "<image>" . $image . "</image>";
                    $xml_string .= "<weight>" . $weight . "</weight>";
                    $xml_string .= "<price>" . $price . "</price>";
                    $xml_string .= "<qty>" . $qty . "</qty>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();                       
            }                        
        }
        $xml_string .= "</xml>"; 
        return $xml_string;  
    }
    public function getspecificwidgetbyswid()
    {
        
        $xml_string = "";

        /// This method is used for getting items by ID, used by my makeshift ui      
        //Count how many total
        $sw_id = $this->sw_id;
        
        $query = "SELECT count(gw_id) AS item_count FROM specific_widget WHERE sw_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $sw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
         
            $query = "SELECT * from specific_widget WHERE sw_id= ?"; 
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {
                $stmt->bind_param('s', $sw_id); 
                $stmt->execute();
                $stmt->bind_result($id, $active, $isc_id, $sw_id, $image, $weight, $price, $qty);   

                while ($stmt->fetch()) 
                {  
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>"; 
                    $xml_string .= "<active>" . $active . "</active>";
                    $xml_string .= "<isc_id>" . $isc_id . "</isc_id>";  
                    $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";
                    $xml_string .= "<image>" . $image . "</image>";
                    $xml_string .= "<weight>" . $weight . "</weight>";
                    $xml_string .= "<price>" . $price . "</price>";
                    $xml_string .= "<qty>" . $qty . "</qty>";
                    $xml_string .= "</Item>";
                }            
                $stmt->close();
                $mysqli->close();                        
            }                       
        }
         $xml_string .= "</xml>";   
         return $xml_string;
    }
    public function getspecificwidgetpivotbyswid()
    {
         
        $xml_string = "";   
        $sw_id = $this->sw_id;           
        //Count how many total
           
        $query = "SELECT count(sw_id) AS Item_Count FROM specific_widget_pivot WHERE sw_id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                   
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('s', $sw_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        { 
                
                $query = "SELECT * from specific_widget_pivot WHERE sw_id= ?"; 
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {
                    $stmt->bind_param('s', $sw_id); 
                    $stmt->execute();
                    $stmt->bind_result($id, $sw_id, $isd_id);   
                    $swp_build = "";
                    while ($stmt->fetch()) 
                    { 
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";  
                        $xml_string .= "<isd_id>" . $isd_id . "</isd_id>";
                        $xml_string .= "</Item>";
                    }            
                    $stmt->close();
                    $mysqli->close();                          
                }
                            
            }
            $xml_string .= "</xml>";   
            return $xml_string;            
    }         
    public function updateitemspecializationcategory()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
        
                $isc_id = $this->isc_id;
                $category = $this->category;
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());
                $query = "UPDATE item_specialization SET category = (?) WHERE isc_id = (?)"; 
                $stmt = $mysqli_conn->prepare($query);
                $stmt->bind_param('ss', $category, $isc_id);
                $stmt->execute();
                $number_affected = $stmt->affected_rows;       
                $stmt->close();   
                $mysqli_conn->close();
        }
          
        $xml_string .= "<xml>";        
        $xml_string .= "<added>$number_affected</added>";    
        $xml_string .= "<category>$category</category>";
        $xml_string .= "</xml>"; 
        return $xml_string;           
        
        
    }  
    public function updateitemspecializationdescriptor()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {        
            $isd_id = $this->isd_id;
            $descriptor = $this->descriptor;
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
            // Update the Category in the System
            $query = "UPDATE item_specialization_descriptors SET descriptor = (?) WHERE isd_id = (?)";
            
            $stmt = $mysqli_conn->prepare($query);
            $stmt->bind_param('ss', $descriptor, $isd_id);
            $stmt->execute();
            $stmt->close();   
            $mysqli_conn->close();
            
        }   
              
           
        $xml_string .= "<xml>";        
        $xml_string .= "<added>1</added>";    
        $xml_string .= "<descriptor>$descriptor</descriptor>";
        $xml_string .= "</xml>"; 
        return $xml_string;           

    }
    public function updatesw()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {   
            $sw_id = $this->sw_id;
            $price = $this->price;
            $qty = $this->qty;
            $weight = $this->weight;
            $image = urlencode($this->image);
           
        
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
            // Update the Category in the System
            $query = "UPDATE specific_widget SET image = (?), weight = (?), price = (?), qty = (?)  WHERE sw_id = (?)";
            
            $stmt = $mysqli_conn->prepare($query);
            $stmt->bind_param('sddis', $image, $weight, $price, $qty, $sw_id);
            $stmt->execute();
            $stmt->close();   
            $mysqli_conn->close();
           
        }
        $xml_string .= "<xml>";        
        $xml_string .= "<added>1</added>";    
        $xml_string .= "<sw_id>$sw_id</sw_id>";
        $xml_string .= "</xml>"; 
        return $xml_string;           
        
    }

}
class members
{    
    public $limit;
    public $page; 
    public $password;   
    private $site_dbName;
    private $site_dbPassword;
    private $site_dbServer; 
    private $site_dbUser;
    public $username;
    
    function __construct()
    {
                $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password;
    }  
    public function adduserhistory()
    {
        $xml_string = "";
        $myusername = $this->username;
       
         
         
        //Bind information to prevent sql injection attacks
        $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
        $query="INSERT INTO members_activity(username) VALUES (?)";                  
        $stmt = $mysqli_conn->prepare($query);                 
        $stmt->bind_param('s', $myusername); 
        $stmt->execute();
        $item_id = $stmt->insert_id;
        $stmt->close();     
    
        
        
        $xml_string .= "<xml>";
        $xml_string .= "<Item_Id>" . $item_id . "</Item_Id>";    

        
       
                    
        
         $xml_string .= "</xml>";   
         return $xml_string;
    } 
    public function authenticate()
    {
        $xml_string = "";
        $myusername = $this->username;
        $mypassword = $this->password; 
         
         
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username= ?  AND password= ?";      
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";          
        $xml_string .= "</xml>";   
        return $xml_string;
    } 
    public function getuserhistory()
    {
        $xml_string = "";
        
        if(isset($this->page))
        {
            $page = $this->page;  
        }
        else
        {
            $page = 1;
        }
               
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
        else
        {
            $limit = 3;
        }
          //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                
        
       
         
        //Count how many total
        $query = "SELECT count(*) AS item_count FROM members_activity ORDER BY time";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);     
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 

        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

        if($Item_Count != 0)
        {    
            if($page) 
                $start = ($page - 1) * $limit;             //first item to display on this page
            else
                $start = 0;                                //if no page var is given, set start to 0                 
            $query = "SELECT * FROM members_activity ORDER BY id DESC LIMIT ?, ?";              
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {
                $stmt->bind_param('ii', $start, $limit); 
                $stmt->execute();
                $stmt->bind_result($id, $username, $time);   
                while ($stmt->fetch()) 
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>";
                    $xml_string .= "<username>" . $username . "</username>";
                    $xml_string .= "<time>" . $time . "</time>";
                    $xml_string .= "</Item>";
                }                             
            }
            $stmt->close();
            $mysqli->close();
                    
        }
        $xml_string .= "</xml>";   
        return $xml_string;
        
    }
}

class orders
{
    public $ip_address;     
    public $itemization;   
    public $mail;   
    public $order_box_id; 
    public $order_id;
    public $password; 
    public $status;
    public $tracking_number;
    public $username;
    private $site_dbName;
    private $site_dbPassword;  
    private $site_dbServer;      
    private $site_dbUser;
    
    function __construct()
    {
                 $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password;
    }
    public function addorderbox()
    {
        $xml_string = "";

        if(isset($_SESSION['order_id']))
        {
            
            $order_id = $_SESSION['order_id'];
            
            $transactionID = $order_id;
            $transactionID = urlencode($transactionID);      
            $nvpStr = "&TRANSACTIONID=$transactionID"; 
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);    
            if("Success" == $httpParsedResponseAr["ACK"]) 
            {
                $status = $this->status;
                $tracking_number = $this->tracking_number; 
                $mailstatus = "not sent";
                //Bind information to prevent sql injection attacks
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
                $query = "INSERT INTO order_box(order_id, status, mail, tracking_number) VALUES(?,?,?,?)";         
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('ssss', $order_id, $status, $mailstatus, $tracking_number); 
                $stmt->execute();
                $order_box_id = $stmt->insert_id;
                $stmt->close(); 
                $mysqli_conn->close();    
                $xml_string .= "<xml>";    
                $xml_string .= "<added>1</added>";      
                $xml_string .= "<order_box_id>" . $order_box_id . "</order_box_id>";
                $xml_string .= "</xml>"; 
            }
            else
            {
                $xml_string .= "<xml>";    
                $xml_string .= "<added>0</added>";      
                $xml_string .= "<item_id>0</item_id>";
                $xml_string .= "</xml>";     
                
            }           
        } 
        else
        {
            $xml_string .= "<xml><added>0</added><order_box_id>0</order_box_id></xml>";
        }
        return $xml_string; 
        
    }
    public function addorderboxitem()
    {
        $xml_string = "";

        if(isset($_SESSION['order_id']))
        {
            
            $order_id = $_SESSION['order_id'];           
            $transactionID = $order_id;
            $transactionID = urlencode($transactionID);      
            $nvpStr = "&TRANSACTIONID=$transactionID";
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);    
            if("Success" == $httpParsedResponseAr["ACK"]) 
            {
                     
                $order_box_id = $this->order_box_id;
                $item_id = $this->item_id;                         
                //Bind information to prevent sql injection attacks
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
                $query = "INSERT INTO order_box_item(order_box_id, item_id) VALUES(?,?)";                     
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('is', $order_box_id, $item_id); 
                $stmt->execute();
                $order_box_item_id = $stmt->insert_id;
                $stmt->close(); 
                $mysqli_conn->close();                  
                $xml_string .= "<xml>";    
                $xml_string .= "<added>1</added>";      
                $xml_string .= "<order_box_item_id>" . $order_box_item_id . "</order_box_item_id>";
                $xml_string .= "</xml>"; 
            }
            else
            {
                $xml_string .= "<xml><added>0</added><order_box_id>0</order_box_id></xml>";
            }
        } 
        else
        {
            $xml_string .= "<xml><added>0</added><order_box_id>0</order_box_id></xml>";
        }
        return $xml_string; 
        
    }
    public function addorderinformation()
    {    
        if(isset($_SESSION['order_id']))
        {
            $order_id = $_SESSION['order_id'];
            $transactionID = strtoupper($order_id);
            $nvpStr = "&TRANSACTIONID=$transactionID";
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);    

           
            if("Success" == $httpParsedResponseAr["ACK"]) 
            { 
                    $xml_string = "";
                    $itemization = $this->itemization; 
                    $itemization = urldecode($itemization);
                    
                   
                    $xml_incoming = new SimpleXMLElement($itemization);
                    // $xml = simplexml_load_string($itemization);     
                           
                    $num_inserted = 0;
                    foreach($xml_incoming->Item as $itemx)
                    {    
                        $order_id = (string)$itemx->order_id;  
                        $sw_id = (string)$itemx->sw_id; 
                        $gw_id = (int)$itemx->gw_id;     
                        if($sw_id == "")
                        {     
                                $name = (string)$itemx->name;
                                $qty = (int)$itemx->qty;
                                $price = (double)$itemx->price;
                                        
                                //inserts order currently being examined
                                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());   
                                $sql="INSERT INTO orders(order_id, gw_id, sw_id, name, qty, price) VALUES(?,?,?,?,?,?)"; 
                                $stmt = $mysqli_conn->prepare($sql);
                                $stmt->bind_param('sissid', $order_id, $gw_id, $sw_id, $name, $qty, $price);
                                $stmt->execute(); 
                                $stmt->close();   
                                $mysqli_conn->close();    
                                        
                                //subtracts as many items from the database as were sold
                                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName)  or die('Could not connect: ' . mysqli_error());
                                //$mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error()); 
                                $sql = "UPDATE general_widget SET in_stock = in_stock-? WHERE gw_id=?";     
                                $stmt = $mysqli_conn->prepare($sql);
                                $stmt->bind_param('ii', $qty, $gw_id);
                                $stmt->execute();
                                $stmt->close();
                                $mysqli_conn->close();
                            }
                        else
                        {    
                            $xmlsubstring = "<xml>" . $itemx->name->asXML() . "</xml>";
                            $name = (string)$xmlsubstring;
                            $qty = (int)$itemx->qty;
                            $price = (double)$itemx->price;      
                            //inserts order currently being examined
                            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());   
                            $sql="INSERT INTO orders(order_id, gw_id, sw_id, name, qty, price) VALUES(?,?,?,?,?,?)"; 
                            $stmt = $mysqli_conn->prepare($sql);
                            $stmt->bind_param('sissid', $order_id, $gw_id, $sw_id, $name, $qty, $price);
                            $stmt->execute(); 
                            $stmt->close();   
                            $mysqli_conn->close();     
                            
                            //subtracts as many items from the database as were sold
                            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName)  or die('Could not connect: ' . mysqli_error());
                            $sql = "UPDATE specific_widget SET qty = qty-? WHERE sw_id=?";     
                            $stmt = $mysqli_conn->prepare($sql);
                            $stmt->bind_param('is', $qty, $ssw_id);
                            $stmt->execute();
                            $stmt->close();
                            $mysqli_conn->close();
                                        
                        }
                        $num_inserted++;             
                    } 

             }
            $xml_string .= "<xml>";         
            $xml_string .= "<number_inserted>$num_inserted</number_inserted>";
            $xml_string .= "</xml>"; 
            
        }   
        else
        {
            $xml_string .= "<xml>";         
            $xml_string .= "<number_inserted>0</number_inserted>";
            $xml_string .= "</xml>"; 
             
        }    
                
        return $xml_string;
        
    }
    public function getorderboxitemsbyboxid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $box_id = $this->order_box_id;  
            //Count how many total
            $query = "SELECT count(*) AS item_count FROM order_box_item WHERE order_box_id =?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
            // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
            $stmt = $mysqli->prepare($query);
            // Prepare statement, bind result variables, execute and place results into bound result variables
            $stmt->bind_param('i', $box_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();        
            $stmt->close();
            $mysqli->close();    
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
                
            if($Item_Count != 0)
            {
                $query = "SELECT * FROM order_box_item WHERE order_box_id = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
                $stmt = $mysqli->prepare($query);
                // Prepare statement, bind result variables, execute and place results into bound result variables
                $stmt->bind_param('i', $box_id);
                $stmt->execute();
                $stmt->bind_result($id, $box_id, $item_id);
               
                while ($stmt->fetch()) 
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>";
                    $xml_string .= "<box_id>" . $box_id . "</box_id>"; 
                    $xml_string .= "<item_id>" . $item_id . "</item_id>";                  
                    $xml_string .= "</Item>";
                }
                $stmt->close();
                $mysqli->close();
            }
            $xml_string .= '</xml>';
            
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function getorderboxesbyorderid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {   
            $order_id = $this->order_id;  
            //Count how many total
            $query = "SELECT count(*) AS item_count FROM order_box WHERE order_id =?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
            // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
            $stmt = $mysqli->prepare($query);
            // Prepare statement, bind result variables, execute and place results into bound result variables
            $stmt->bind_param('s', $order_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();        
                
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
                
            if($Item_Count != 0)
            {
                $query = "SELECT * FROM order_box WHERE order_id = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
                $stmt = $mysqli->prepare($query);
                // Prepare statement, bind result variables, execute and place results into bound result variables
                $stmt->bind_param('s', $order_id);
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $status, $mail, $tracking_number);
               
                while ($stmt->fetch()) 
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>";
                    $xml_string .= "<order_id>" . $order_id . "</order_id>";  
                    $xml_string .= "<status>" . $status . "</status>"; 
                    $xml_string .= "<mail>" . $mail . "</mail>"; 
                    $xml_string .= "<tracking_number>" . $tracking_number . "</tracking_number>";                  
                    $xml_string .= "</Item>";
                }
                $stmt->close();
                $mysqli->close();
            }
            $xml_string .= '</xml>';
            
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }       
    public function getorderbyorderid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username=? and password=?";               
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch(); 
        $stmt->close();
        $mysqli->close();       
        $count = $Item_Count;
        
        //this checks to make sure that the username and password match for authentication
        if($count==1)
        {     
            $order_id = $this->order_id;  
            //Count how many total
            $query = "SELECT count(*) AS item_count FROM orders WHERE order_id =?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
            // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
            $stmt = $mysqli->prepare($query);
            // Prepare statement, bind result variables, execute and place results into bound result variables
            $stmt->bind_param('s', $order_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();        
            $stmt->close();
            $mysqli->close();    
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
                
            if($Item_Count != 0)
            {
                $query = "SELECT * FROM orders WHERE order_id = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
                $stmt = $mysqli->prepare($query);
                // Prepare statement, bind result variables, execute and place results into bound result variables
                $stmt->bind_param('s', $order_id);
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $gw_id, $sw_id, $name, $qty, $price);
               
                while ($stmt->fetch()) 
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<order_id>" . $order_id . "</order_id>";  
                    $xml_string .= "<gw_id>" . $gw_id . "</gw_id>";
                    $xml_string .= "<sw_id>" . $sw_id . "</sw_id>";
                    $xml_string .= "<name>" . $name . "</name>";
                    $xml_string .= "<qty>" . $qty . "</qty>";
                    $xml_string .= "<price>" . $price . "</price>";
                    $xml_string .= "</Item>";
                }
                $stmt->close();
                $mysqli->close();
            }
            $xml_string .= '</xml>';
            
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function updateorderboxmailstatusbyboxid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username=? and password=?";               
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch(); 
        $stmt->close();
        $mysqli->close();       
        $count = $Item_Count;
        
        //this checks to make sure that the username and password match for authentication
        if($count==1)
        {     
                $mailstatus = $this->mail;
                $box_id = $this->order_box_id;
                $query = "UPDATE order_box SET mail = ? WHERE id = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
                $stmt = $mysqli->prepare($query);
                // Prepare statement, bind result variables, execute and place results into bound result variables
                $stmt->bind_param('si', $mailstatus, $box_id);
                $stmt->execute();
                $stmt->close();
               
                $inserted = $mysqli->affected_rows;
                 $mysqli->close();   
                $xml_string .= '<xml><Item_Count>' . $inserted . '</Item_Count></xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';             
        }

        return $xml_string;
    }
    public function updateorderboxstatusbyboxid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username=? and password=?";               
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch(); 
        $stmt->close();
        $mysqli->close();       
        $count = $Item_Count;
        
        //this checks to make sure that the username and password match for authentication
        if($count==1)
        {     
                $status = $this->status;
                $box_id = $this->order_box_id;
                $query = "UPDATE order_box SET status = ? WHERE id = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
                $stmt = $mysqli->prepare($query);
                // Prepare statement, bind result variables, execute and place results into bound result variables
                $stmt->bind_param('si', $status, $box_id);
                $stmt->execute();
                $stmt->close();
               
                $inserted = $mysqli->affected_rows;
                 $mysqli->close();   
                $xml_string .= '<xml><Item_Count>' . $inserted . '</Item_Count></xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';             
        }

        return $xml_string;
    }
    public function updateorderboxtrackingnumberbyboxid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username=? and password=?";               
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch(); 
        $stmt->close();
        $mysqli->close();       
        $count = $Item_Count;
        
        //this checks to make sure that the username and password match for authentication
        if($count==1)
        {     
                $tracking_number = $this->tracking_number;
                $box_id = $this->order_box_id;
                $query = "UPDATE order_box SET tracking_number = ? WHERE id = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
                $stmt = $mysqli->prepare($query);
                // Prepare statement, bind result variables, execute and place results into bound result variables
                $stmt->bind_param('si', $tracking_number, $box_id);
                $stmt->execute();
                
                $inserted = $mysqli->affected_rows;             
                $xml_string .= '<xml><Item_Count>' . $inserted . '</Item_Count></xml>';
                $stmt->close();
                $mysqli->close();
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';             
        }

        return $xml_string;
    }
    
}
class orders_history
{
    public $note;    
    public $order_event_date; 
    public $order_id;
    public $order_status; 
    private $site_dbName;
    private $site_dbPassword;
    private $site_dbServer;   
    private $site_dbUser;
    
    function __construct()
    {
        $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password; 
    }
    public function getordershistorybyorderid()
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS item_count FROM members WHERE username = ? and password = ?";               
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error()); 
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $order_id = $this->order_id;  
            //Count how many total
            $query = "SELECT count(*) AS Item_Count FROM orders_history WHERE order_id =?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error()); 
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('s', $order_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch(); 
            $stmt->close();
            $mysqli->close();   
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
                
            if($Item_Count != 0)
            {
                $query = "SELECT * FROM orders_history WHERE order_id = ? ORDER BY order_event_date";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error()); 
                $stmt = $mysqli->prepare($query);
                $stmt->bind_param('s', $order_id);
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $order_event_date, $order_status, $note);
                while($stmt->fetch())
                {   
                    $xml_string .= "<Item>";
                    $xml_string .= "<id>" . $id . "</id>";
                    $xml_string .= "<order_id>" . $order_id . "</order_id>";  
                    $xml_string .= "<order_event_date>" . $order_event_date . "</order_event_date>";
                    $xml_string .= "<order_status>" . $order_status . "</order_status>";
                    $xml_string .= "<note>" . $note . "</note>";
                    $xml_string .= "</Item>";
                }
                $stmt->close();
                $mysqli->close();
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function addordershistoryevent()
    {
        $xml_string = "";
        if(isset($this->order_id))
        {
             $order_id = $this->order_id;   
        }
        else
        {
            
            $order_id = $_SESSION['order_id'];
        }
            
            
            $order_status = $this->order_status;
            $note = $this->note;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
            $query = "INSERT INTO orders_history(order_id, order_status, note) VALUES(?,?,?)";       
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('sss', $order_id, $order_status, $note); 
            $stmt->execute();
            $item_id = $stmt->insert_id;
            $stmt->close(); 
            $mysqli_conn->close();    
           
        $xml_string .= "<xml>";    
        $xml_string .= "<added>1</added>";      
        $xml_string .= "<item_id>$item_id</item_id>";
        $xml_string .= "</xml>";  
        
        return $xml_string;
     
    }
}
class payment
{  
    public $amount;
    public $city;
    public $correlation_id;        
    public $email;
    public $first_name; 
    public $ip_address;   
    public $lastfourdigits;
    public $last_name;
    public $limit;  
    public $order_id;  
    public $order_status;
    public $page;   
    public $payer_id;
    public $payment_date;
    public $payment_type;
    private $site_dbName;
    private $site_dbPassword;
    private $site_dbServer;   
    private $site_dbUser;
    public $state;
    public $street_address;          
    public $zip_code; 
      
    function __construct()
    {
                   $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password;
    }
    public function addgeneralpaymentinformation()
    {
        $xml_string = "";  
        
       
        if(isset($_SESSION['order_id']))
        {
            $order_id = $_SESSION['order_id'];   
            $transactionID = strtoupper($order_id);     
            $nvpStr = "&TRANSACTIONID=$transactionID";
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);    
            if("Success" == $httpParsedResponseAr["ACK"]) 
            {
                 
                $ip_address = $this->ip_address;
                $order_status = $this->order_status; 
                $first_name = $this->first_name;
                $last_name = $this->last_name;   
                $email = $this->email;
                $payment_type = $this->payment_type;
                $amount = $this->amount;
               
                //Bind information to prevent sql injection attacks
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
                $query = "INSERT INTO payment(order_id, payment_type, amount, order_status, ip_address, first_name, last_name, email) VALUES(?,?,?,?,?,?,?,?)";       
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('ssdsssss',  $order_id, $payment_type, $amount, $order_status, $ip_address, $first_name, $last_name, $email); 
                $stmt->execute();
                $item_id = $stmt->insert_id;
                $stmt->close();    
                $mysqli_conn->close();
                $xml_string .= "<xml>";    
                $xml_string .= "<added>1</added>";      
                $xml_string .= "<item_id>$item_id</item_id>";
                $xml_string .= "</xml>";            
            }
            else
            {
                $xml_string .= "<xml>";    
                $xml_string .= "<added>0</added>";      
                $xml_string .= "<item_id>0</item_id>";
                $xml_string .= "</xml>";     
                
            }
        }
        else
        {
            $xml_string .= "<xml>";    
            $xml_string .= "<added>0</added>";      
            $xml_string .= "<item_id>0</item_id>";
            $xml_string .= "</xml>";     
            
        }
        return $xml_string;
        
    }
    public function addcreditcardpaymentinformation()
    {
        $xml_string = "";  
        if(isset($_SESSION['order_id']))
        {
            $order_id = $_SESSION['order_id'];   
            $transactionID = strtoupper($order_id);     
            $nvpStr = "&TRANSACTIONID=$transactionID";
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);    
            if("Success" == $httpParsedResponseAr["ACK"]) 
            {
                $correlation_id = $this->correlation_id;
                $street_address= $this->street_address;
                $city = $this->city;
                $state = $this->state;
                $zipcode = (int)$this->zip_code;
                $lastfourdigits = $this->lastfourdigits;  
                //Bind information to prevent sql injection attacks
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
                $query = "INSERT INTO creditcard_payment(order_id, correlation_id, lastfourdigits, street_address, city, state, zipcode) VALUES(?,?,?,?,?,?,?)";       
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('sssssss', $order_id, $correlation_id, $lastfourdigits, $street_address, $city, $state, $zipcode); 
                $stmt->execute();
                $item_id = $stmt->insert_id;
                $stmt->close();    
                $mysqli_conn->close();
                $xml_string .= "<xml>";    
                $xml_string .= "<added>1</added>";      
                $xml_string .= "<item_id>$item_id</item_id>";
                $xml_string .= "</xml>";            
            }
            else
            {
                $xml_string .= "<xml>";    
                $xml_string .= "<added>0</added>";      
                $xml_string .= "<item_id>0</item_id>";
                $xml_string .= "</xml>";     
                
            }
        }
        else
        {
            $xml_string .= "<xml>";    
            $xml_string .= "<added>0</added>";      
            $xml_string .= "<item_id>0</item_id>";
            $xml_string .= "</xml>";     
            
        }
        return $xml_string;
        
    }
    public function addpaypalpaymentinformation()
    {
        $xml_string = "";  
        if(isset($_SESSION['order_id']))
        {
            
            $order_id = $_SESSION['order_id'];   
            $transactionID = strtoupper($order_id);     
            $nvpStr = "&TRANSACTIONID=$transactionID";
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);        
            if("Success" == $httpParsedResponseAr["ACK"]) 
            {
                $correlation_id = $this->correlation_id;
                $payer_id = $this->payer_id; 
                      
                //Bind information to prevent sql injection attacks
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
                $query = "INSERT INTO paypal_payment(order_id, correlation_id, payer_id) VALUES(?,?,?)";       
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('sss', $order_id, $correlation_id, $payer_id); 
                $stmt->execute();
                $item_id = $stmt->insert_id;
                $stmt->close();   
                $mysqli_conn->close();    
                $xml_string .= "<xml>";    
                $xml_string .= "<added>1</added>";      
                $xml_string .= "<item_id>$item_id</item_id>";
                $xml_string .= "</xml>";     
            }       

        }
        else
        {
            $xml_string .= "<xml>";    
            $xml_string .= "<added>0</added>";      
            $xml_string .= "<item_id>0</item_id>";
            $xml_string .= "</xml>";     
            
        }
        return $xml_string;
        
    }
    public function getcreditcardpaymentbyorderid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username=? and password=?";                      
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());        
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
        //this checks to make sure that the username and password match for authentication
        if($Item_Count==1)
        {     
       
            $order_id = $this->order_id;    
            //Count how many orders by this person
            $query = "SELECT count(*) AS Item_Count FROM creditcard_payment WHERE order_id=?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysql_error());
            $stmt =  $mysqli->prepare($query);
            $stmt->bind_param('s', $order_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();
            $stmt->close();
            $mysqli->close(); 
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
            
            if($Item_Count == 1)
            {
            
                $query = "SELECT * FROM creditcard_payment WHERE order_id=?";   
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysql_error());
                $stmt =  $mysqli->prepare($query);
                $stmt->bind_param('s', $order_id);
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $correlation_id, $lastfourdigits, $street_address, $city, $state, $zip_code);
                $stmt->fetch(); 
                $stmt->close();
                $mysqli->close();              
                $xml_string .= "<Item>"; 
                $xml_string .= "<order_id>" . $order_id . "</order_id>";
                $xml_string .= "<correlation_id>" . $correlation_id . "</correlation_id>";
                $xml_string .= "<lastfourdigits>" . $lastfourdigits . "</lastfourdigits>";     
                $xml_string .= "<street_address>" . $street_address . "</street_address>";   
                $xml_string .= "<city>" . $city . "</city>";  
                $xml_string .= "<state>" . $state . "</state>";  
                $xml_string .= "<zip_code>" . $zip_code . "</zip_code>";                          
                $xml_string .= "</Item>"; 
                    
                                             
            }
            $xml_string .= '</xml>';   
        } 
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }
    public function getpaymentbyname()
    {
        $xml_string = "";
        
        if(isset($this->page))
        {
            $page = $this->page;  
        }
        else
        {
            $page = 1;
        }
               
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
        else
        {
            $limit = 3;
        }
          //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                
        
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $first_name = $this->first_name;   
            $last_name = $this->last_name;
            
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM payment WHERE first_name= ? AND last_name= ?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('ss', $first_name, $last_name);      
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            {  
                
                
                $query = "SELECT * FROM payment WHERE first_name= ? AND last_name= ? ORDER BY payment_date LIMIT ? , ?";       
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {    
                    $stmt->bind_param('ssii', $first_name, $last_name, $start, $limit); 
                    $stmt->execute();
                    $stmt->bind_result($id, $order_id, $payment_type, $amount, $order_status, $ip_address, $payment_date, $first_name, $last_name, $email);   

                    while ($stmt->fetch()) 
                    {      
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<order_id>" . $order_id . "</order_id>";
                        $xml_string .= "<payment_type>" . $payment_type . "</payment_type>"; 
                        $xml_string .= "<amount>" . $amount . "</amount>"; 
                        $xml_string .= "<order_status>" . $order_status . "</order_status>";
                        $xml_string .= "<ip_address>" . $ip_address . "</ip_address>";
                        $xml_string .= "<payment_date>" . $payment_date . "</payment_date>";                                    
                        $xml_string .= "<first_name>" . $first_name . "</first_name>";
                        $xml_string .= "<last_name>" . $last_name . "</last_name>";                                                         
                        $xml_string .= "<email>" . $email . "</email>";                                  
                        $xml_string .= "</Item>"; 
                    }
                    $stmt->close();
                    $mysqli->close();                 
                }
            }
           
           $xml_string .= "</xml>";
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }   
    public function getpaymentbydate()  
    { 
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $payment_date = $this->payment_date;
            $timestart = " 00:00:00";
            $timeend = " 23:59:59";
            $datestart = $payment_date . $timestart;
            $dateend = $payment_date . $timeend;
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM payment WHERE payment_date >= ? AND payment_date <= ?";           
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);  
            $stmt->bind_param('ss', $datestart, $dateend);          
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
                
                if(isset($this->page))
                {
                    $page = $this->page;  
                }
                else
                {
                    $page = 1;
                }
                       
                if(isset($this->limit))
                {
                    $limit = $this->limit;   
                }
                else
                {
                    $limit = 3;
                }
                  //how many items to show per page
                if($page) 
                    $start = ($page - 1) * $limit;             //first item to display on this page
                else
                    $start = 0;        
                                            
                $query = "SELECT * FROM payment WHERE payment_date >= ? AND payment_date <= ? ORDER BY payment_date LIMIT ?, ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);  
                $stmt->bind_param('ssii', $datestart, $dateend, $start, $limit);          
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $payment_type, $amount, $order_status, $ip_address, $payment_date, $first_name, $last_name, $email);                           
                while ($stmt->fetch()) 
                {   
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<order_id>" . $order_id . "</order_id>";
                        $xml_string .= "<payment_type>" . $payment_type . "</payment_type>"; 
                        $xml_string .= "<amount>" . $amount . "</amount>"; 
                        $xml_string .= "<order_status>" . $order_status . "</order_status>";
                        $xml_string .= "<ip_address>" . $ip_address . "</ip_address>";
                        $xml_string .= "<payment_date>" . $payment_date . "</payment_date>";                                    
                        $xml_string .= "<first_name>" . $first_name . "</first_name>";
                        $xml_string .= "<last_name>" . $last_name . "</last_name>";                                                         
                        $xml_string .= "<email>" . $email . "</email>";                                  
                        $xml_string .= "</Item>"; 
                } 
            }
            $xml_string .= "</xml>";  
        }       
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function getpaymentbyorderid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {   
       
            $order_id = $this->order_id;    
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM payment WHERE order_id= ?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('s', $order_id);      
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
            
                $query = "SELECT * FROM payment WHERE order_id= ?";
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {

                    $stmt->bind_param('s', $order_id); 
                    $stmt->execute();
                    $stmt->bind_result($id, $order_id, $payment_type, $amount, $order_status, $ip_address, $payment_date, $first_name, $last_name, $email);   

                    while ($stmt->fetch()) 
                    {   
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<order_id>" . $order_id . "</order_id>";
                        $xml_string .= "<payment_type>" . $payment_type . "</payment_type>";
                        $xml_string .= "<amount>" . $amount . "</amount>";        
                        $xml_string .= "<order_status>" . $order_status . "</order_status>";     
                        $xml_string .= "<ip_address>" . $ip_address . "</ip_address>";
                        $xml_string .= "<payment_date>" . $payment_date . "</payment_date>";                               
                        $xml_string .= "<first_name>" . $first_name . "</first_name>";
                        $xml_string .= "<last_name>" . $last_name . "</last_name>";                    
                        $xml_string .= "<email>" . $email . "</email>";                              
                        $xml_string .= "</Item>"; 
                    }
                    $stmt->close();
                    $mysqli->close();
               
                }
                $xml_string .= '</xml>';   
            } 
            else
            {
                $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
            }
            return $xml_string;
        } 
    }
    public function getpaypalpaymentbyorderid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT id AS Item_Count FROM members WHERE username=? and password=?";               
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        while($stmt->fetch())
        {
            $count = $Item_Count;
        }
        
        //this checks to make sure that the username and password match for authentication
        if($count==1)
        {     
       
            $order_id = $this->order_id;    
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM paypal_payment WHERE order_id=?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysql_error());
            $stmt =  $mysqli->prepare($query);
            $stmt->bind_param('s', $order_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            while($stmt->fetch())
            {
                $Item_Count = $Item_Count;
            }
             
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
            
            if($Item_Count == 1)
            {
            
                $query = "SELECT * FROM paypal_payment WHERE order_id=?";   
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysql_error());
                $stmt =  $mysqli->prepare($query);
                $stmt->bind_param('s', $order_id);
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $correlation_id, $payer_id);
                while($stmt->fetch())
                {
                    $xml_string .= "<Item>"; 
                    $xml_string .= "<order_id>" . $order_id . "</order_id>";
                    $xml_string .= "<correlation_id>" . $correlation_id . "</correlation_id>";
                    $xml_string .= "<payer_id>" . $payer_id . "</payer_id>";                           
                    $xml_string .= "</Item>"; 
                    
                }
                $stmt->close();
                $mysqli->close();                                             
            }
            $xml_string .= '</xml>';   
        } 
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }     
    public function getpaymentbyreturned()                     
    {
        
        if(isset($this->page))
        {
            $page = $this->page;  
        }
        else
        {
            $page = 1;
        }
               
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
        else
        {
            $limit = 3;
        }
          //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                
        
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
            $order_id = $this->order_id;
            
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM payment WHERE order_status='refunded'";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);     
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            {    
            
                $query = "SELECT payment.* FROM payment WHERE order_status='refunded' ORDER BY payment_date DESC LIMIT ?, ?";
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {    
                    $stmt->bind_param('ii', $start, $limit); 
                    $stmt->execute();
                    $stmt->bind_result($id, $order_id, $payment_type, $amount, $order_status, $ip_address, $payment_date, $first_name, $last_name, $email);   

                    while ($stmt->fetch()) 
                    {     
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<order_id>" . $order_id . "</order_id>";
                        $xml_string .= "<payment_type>" . $payment_type . "</payment_type>"; 
                        $xml_string .= "<amount>" . $amount . "</amount>"; 
                        $xml_string .= "<order_status>" . $order_status . "</order_status>";
                        $xml_string .= "<ip_address>" . $ip_address . "</ip_address>";
                        $xml_string .= "<payment_date>" . $payment_date . "</payment_date>";                                    
                        $xml_string .= "<first_name>" . $first_name . "</first_name>";
                        $xml_string .= "<last_name>" . $last_name . "</last_name>";                                                         
                        $xml_string .= "<email>" . $email . "</email>";                                  
                        $xml_string .= "</Item>"; 
                                          
                     }
                     $stmt->close();
                     $mysqli->close();
                }
                  
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function getpaymentbyincomplete()                     
    {
        
        if(isset($this->page))
        {
            $page = $this->page;  
        }
        else
        {
            $page = 1;
        }
               
        if(isset($this->limit))
        {
            $limit = $this->limit;   
        }
        else
        {
            $limit = 3;
        }
        //how many items to show per page
        if($page) 
            $start = ($page - 1) * $limit;             //first item to display on this page
        else
            $start = 0;                                //if no page var is given, set start to 0
                  
        $xml_string = "";     
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM payment WHERE order_status='incomplete'";    
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);     
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            {   
            
                $query = "SELECT * FROM payment WHERE order_status='incomplete' ORDER BY payment_date LIMIT ?,?";
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {

                    $stmt->bind_param('ii', $start, $limit); 
                    $stmt->execute();
                    $stmt->bind_result($id, $order_id, $payment_type, $amount, $order_status, $ip_address, $payment_date, $first_name, $last_name, $email);   

                    while ($stmt->fetch()) 
                    {   
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<order_id>" . $order_id . "</order_id>";
                        $xml_string .= "<payment_type>" . $payment_type . "</payment_type>"; 
                        $xml_string .= "<amount>" . $amount . "</amount>"; 
                        $xml_string .= "<order_status>" . $order_status . "</order_status>";
                        $xml_string .= "<ip_address>" . $ip_address . "</ip_address>";
                        $xml_string .= "<payment_date>" . $payment_date . "</payment_date>";                                    
                        $xml_string .= "<first_name>" . $first_name . "</first_name>";
                        $xml_string .= "<last_name>" . $last_name . "</last_name>";                                                         
                        $xml_string .= "<email>" . $email . "</email>";                                  
                        $xml_string .= "</Item>"; 
                    }
                    $stmt->close();
                    $mysqli->close();
                }
                  
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }
    public function getpaymentbycomplete()                     
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
        
            //Count how many orders by this person
            $query = "SELECT count(*) AS item_count FROM payment WHERE order_status='complete'";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);      
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
                 
                $query = "SELECT payment.* FROM payment WHERE order_status='complete' ORDER BY payment_date DESC";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {
 
                    $stmt->execute();
                    $stmt->bind_result($id, $order_id, $payment_type, $amount, $order_status, $ip_address, $payment_date, $first_name, $last_name, $email);   

                    while ($stmt->fetch()) 
                    {    
                        $xml_string .= "<Item>";
                        $xml_string .= "<id>" . $id . "</id>"; 
                        $xml_string .= "<order_id>" . $order_id . "</order_id>";
                        $xml_string .= "<payment_type>" . $payment_type . "</payment_type>"; 
                        $xml_string .= "<amount>" . $amount . "</amount>"; 
                        $xml_string .= "<order_status>" . $order_status . "</order_status>";
                        $xml_string .= "<ip_address>" . $ip_address . "</ip_address>";
                        $xml_string .= "<payment_date>" . $payment_date . "</payment_date>";                                    
                        $xml_string .= "<first_name>" . $first_name . "</first_name>";
                        $xml_string .= "<last_name>" . $last_name . "</last_name>";                                                         
                        $xml_string .= "<email>" . $email . "</email>";                                  
                        $xml_string .= "</Item>"; 
                                          
                     }
                     $stmt->close();
                     $mysqli->close();
                }
                  
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function updatepaymentorderstatus()
    {  
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
      
           $order_id = $this->order_id;
           $order_status = $this->order_status;

              
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "UPDATE payment SET order_status = (?) WHERE order_id = (?)";                                                                                                                                                                                                                   
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('ss', $order_status, $order_id); 
            $stmt->execute();
            $number_affected = $stmt->affected_rows;
            $stmt->close();  
            $mysqli_conn->close();     

            $xml_string .= "<xml>";        
            $xml_string .= "<updated>$number_affected</updated>";    
            $xml_string .= "</xml>";            
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }  
}

class shipping
{  
    public $box_id;
    public $carrier_id;
    public $carrier_name;  
    public $carrier_service_id;
    public $city; 
    public $first_name;      
    public $info;         
    public $last_name;        
    public $order_id;   
    public $service;
    public $service_id; 
    private $site_dbName;
    private $site_dbPassword;
    private $site_dbServer; 
    private $site_dbUser;
    public $shipping_total; 
    public $state;  
    public $street_address;        
    public $zip_code;  

    function __construct()
    {
                  $filename = "../configurational/databaseinfo.php";
        if(!file_exists($filename))
        {
            $filename = "./configurational/databaseinfo.php";
        }
        $serverstring = "";
        $databasestring = "";
        $usernamestring = "";
        $passwordstring = "";
        $contents = file($filename); 
        foreach($contents as $key => $value)
        {   
            if(strpos($value, "server") !== false)
            {
               $serverstring = $value; 
            }
            if(strpos($value, "database") !== false)
            {
               $databasestring = $value; 
            }
            if(strpos($value, "username") !== false)
            {
               $usernamestring = $value;
            }
            if(strpos($value, "password") !== false)
            {
               $passwordstring = $value;  
            }
            
        }
        $serverArray = explode("=", $serverstring);
        $server = trim($serverArray[1]);
        $databaseArray = explode("=", $databasestring);
        $database = trim($databaseArray[1]);
        $userArray = explode("=", $usernamestring);
        $user = trim($userArray[1]);
        $passwordArray = explode("=", $passwordstring);
        $password = trim($passwordArray[1]);
        $this->site_dbServer = $server;
        $this->site_dbName = $database;
        $this->site_dbUser = $user;
        $this->site_dbPassword = $password;
    }
   
    public function addshippingcarrier()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $info = $this->info;
            $carrier_name = $this->carrier_name;
            
            
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
            $query = "INSERT INTO shipping_carrier(carrier_name) VALUES(?)";       
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('s', $carrier_name); 
            $stmt->execute();
            $item_id = $stmt->insert_id;
            $stmt->close();     
        
        }
        
        
        $xml_string .= "<xml>";    
        $xml_string .= "<added>1</added>";      
        $xml_string .= "<item_id>$item_id</item_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
        
        
    } 
    public function addshippingservice()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
           
            $weight_max = $this->weight_max;
            $carrier_id = $this->carrier_id;
            $service_id = $this->service_id;
            $service = $this->service;
            
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     
            $query = "INSERT INTO shipping_service(weight_max, carrier_id, service_id, service) VALUES(?,?,?,?)";     
             
            $stmt = $mysqli_conn->prepare($query); 
                            
            $stmt->bind_param('iiss', $weight_max, $carrier_id, $service_id, $service); 
            
            $stmt->execute();
            $item_id = $stmt->insert_id;
            $stmt->close();  
            $mysqli_conn->close();   
        
        }
        
        
        $xml_string .= "<xml>";    
        $xml_string .= "<added>1</added>";      
        $xml_string .= "<item_id>$item_id</item_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
        
        
    } 
    public function addshippinginformation()
    {
        $xml_string = "";

        if(isset($_SESSION['order_id']))
        {
            
            $order_id = $_SESSION['order_id'];
            
            $transactionID = strtoupper($order_id);     
            $transactionID = urlencode($transactionID);      
            $nvpStr = "&TRANSACTIONID=$transactionID";
            $paypalhttppost = new paypalhttppost();
            $httpParsedResponseAr = $paypalhttppost->PPWebservice('GetTransactionDetails', $nvpStr);        
           
            if("Success" == $httpParsedResponseAr["ACK"]) 
            {    
               
                
                $first_name = $this->first_name;
                $last_name = $this->last_name;   
                $street_address = $this->street_address;
                $city = $this->city;
                $state = $this->state;
                $zip_code = (int)$this->zip_code;
                $service = (string)$this->service;
                $carrier = (string)$this->carrier_name;
                $shipping_total = (double)$this->shipping_total;
                
               
                //Bind information to prevent sql injection attacks
                $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());     

                $query = "INSERT INTO shipping(order_id, first_name, last_name, street_address, city, state, zip_code, carrier, service, shipping_total) VALUES(?,?,?,?,?,?,?,?,?,?)";       
               
                $stmt = $mysqli_conn->prepare($query);                 
                $stmt->bind_param('ssssssissd', $order_id, $first_name, $last_name, $street_address, $city, $state, $zip_code, $carrier, $service, $shipping_total); 
                $stmt->execute();
                

                $item_id = $stmt->insert_id;
                $stmt->close();     
                $mysqli_conn->close();
                $xml_string .= "<xml>";    
                $xml_string .= "<added>1</added>";      
                $xml_string .= "<item_id>" . $item_id . "</item_id>";
                $xml_string .= "</xml>"; 
            }
            else
            {
                $xml_string .= "<xml>";    
                $xml_string .= "<added>0</added>";      
                $xml_string .= "<item_id>0</item_id>";
                $xml_string .= "</xml>"; 
            
            }           
            
                
        }
        else
        {
             $xml_string .= "<xml>";    
             $xml_string .= "<added>0</added>";      
             $xml_string .= "<item_id>0</item_id>";
             $xml_string .= "</xml>"; 
             
        }
        return $xml_string; 
        
        
    }
    public function deletecarrierbycarriername()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {     
            $carrier_name = $this->carrier_name;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM shipping_carrier WHERE carrier_name = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('s', $carrier_name); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close(); 
            $mysqli_conn->close();
        }       
        
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }   
    public function deleteservice()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
            $service_id = $this->service_id;
            //Bind information to prevent sql injection attacks
            $mysqli_conn = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die('Could not connect: ' . mysqli_error());  
            $query = "DELETE FROM shipping_service WHERE id = (?)";
            $stmt = $mysqli_conn->prepare($query);                 
            $stmt->bind_param('i', $service_id); 
            $stmt->execute();
            $number_deleted = $stmt->affected_rows;
            $stmt->close(); 
            $mysqli_conn->close();
        }       
        
        $xml_string .= "<xml>";        
        $xml_string .= "<deleted>$number_deleted</deleted>";
        $xml_string .= "<service_id>$service_id</service_id>";
        $xml_string .= "</xml>";            
        return $xml_string;
    }   
    public function getshippingbyorderid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];
        $mypassword=$_SESSION['password'];
        $query="SELECT COUNT(id) AS Item_Count FROM members WHERE username=? and password=?";               
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();        
        $count = $Item_Count;
        $stmt->close();
        $mysqli->close();
        //this checks to make sure that the username and password match for authentication
        if($count==1)
        {     
            $order_id = $this->order_id;
            $query = "SELECT count(*) AS item_count FROM shipping WHERE order_id=?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
            // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
            $stmt = $mysqli->prepare($query);
            // Prepare statement, bind result variables, execute and place results into bound result variables
            $stmt->bind_param('s', $order_id);
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();        
            $stmt->close();
            $mysqli->close();    
            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";   
                
            if($Item_Count != 0)
            {
                $query = "SELECT * FROM shipping WHERE order_id=?";                                                                          
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
                $stmt = $mysqli->prepare($query);
                $stmt->bind_param('s', $order_id);
                $stmt->execute();
                $stmt->bind_result($id, $order_id, $first_name, $last_name, $street_address, $city, $state, $zip_code, $carrier, $service, $shipping_total);                
                $stmt->fetch();  
                $stmt->close();
                $mysqli->close();            
                $xml_string .= "<Item>"; 
                $xml_string .= "<order_id>" . $order_id . "</order_id>";   
                $xml_string .= "<first_name>" . $first_name . "</first_name>";
                $xml_string .= "<last_name>" . $last_name . "</last_name>";
                $xml_string .= "<street_address>" . $street_address . "</street_address>";
                $xml_string .= "<city>" . $city . "</city>";
                $xml_string .= "<state>" . $state . "</state>";
                $xml_string .= "<zip_code>" . $zip_code . "</zip_code>"; 
                $xml_string .= "<carrier>" . $carrier . "</carrier>";
                $xml_string .= "<service>" . $service . "</service>";  
                $xml_string .= "<shipping_total>" . $shipping_total . "</shipping_total>";  
                $xml_string .= "</Item>";                 
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }
    public function getshippingcarrierbycarriername()
    {    
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
     
            $carrier_name = $this->carrier_name;
            //make sure that the payment with that particular order_id is there
            $query = "SELECT count(*) AS item_count FROM shipping_carrier WHERE carrier_name = ?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('s', $carrier_name);      
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 

                $query = "SELECT * FROM shipping_carrier WHERE carrier_name = ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {

                    $stmt->bind_param('s', $carrier_name); 
                    $stmt->execute();
                    $stmt->bind_result($carrier_id, $carrier_name);   

                    while ($stmt->fetch()) 
                    {   
                        $xml_string .= "<Item>"; 
                        $xml_string .= "<carrier_id>" . $carrier_id . "</carrier_id>";
                        $xml_string .= "<carrier_name>" . $carrier_name . "</carrier_name>";
                        $xml_string .= "</Item>";
                    } 
                    $stmt->close();
                    $mysqli->close();
                }
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    }
    public function getshippingcarrierbycarrierid()
    {    
        $xml_string = "";
       
        $carrier_id = $this->carrier_id;  
        //make sure that the payment with that particular order_id is there
        $query = "SELECT count(*) AS item_count FROM shipping_carrier WHERE id= ?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('i', $carrier_id);      
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();          
        $stmt->close();
        $mysqli->close(); 
        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    
        if($Item_Count != 0)
        {
            $query = "SELECT * FROM shipping_carrier WHERE id= ?";  
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            if($stmt)
            {

                $stmt->bind_param('i', $carrier_id); 
                $stmt->execute();
                $stmt->bind_result($carrier_id, $carrier_name);   

                while ($stmt->fetch()) 
                {      
                  
                  $xml_string .= "<Item>"; 
                  $xml_string .= "<carrier_id>" . $carrier_id . "</carrier_id>";  
                  $xml_string .= "<carrier_name>" . $carrier_name . "</carrier_name>";
                  $xml_string .= "</Item>";
                }
                $xml_string .= '</xml>'; 
                $stmt->close();
                $mysqli->close();
            }                  
        }
        else
        {
            $xml_string .='</xml>';
        }
        return $xml_string;          
    } 
    public function getshippingcarriers()
    {    
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
     
            //make sure that the payment with that particular order_id is there
            $query = "SELECT count(*) AS item_count FROM shipping_carrier";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);     
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
                $query = "SELECT * FROM shipping_carrier";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                { 
                    $stmt->execute();
                    $stmt->bind_result($carrier_id, $carrier_name);   

                    while ($stmt->fetch()) 
                    {    
                        $xml_string .= "<Item>"; 
                        $xml_string .= "<carrier_id>" . $carrier_id . "</carrier_id>";
                        $xml_string .= "<carrier_name>" . $carrier_name . "</carrier_name>";
                        $xml_string .= "</Item>";
                    }
                    $stmt->close();
                    $mysqli->close(); 
                }
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
     
    public function getshippingservicebycarrierid()
    {
        $xml_string = "";
        $myusername=$_SESSION['username'];  
        $mypassword=$_SESSION['password'];
        $query= "SELECT COUNT(*) AS Item_Count FROM members WHERE username= ? and password= ?";   
        
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);
                  
        $stmt = $mysqli->prepare($query);
        $stmt->bind_param('ss', $myusername, $mypassword);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();
        $stmt->close();
        $mysqli->close();
         
        //this checks to make sure that the username and password match for authentication
        if($Item_Count == 1)
        {    
            $carrier_id = $this->carrier_id;
            //make sure that the payment with that particular order_id is there
            $query = "SELECT count(*) AS item_count FROM shipping_service WHERE carrier_id= ?";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);
            $stmt->bind_param('i', $carrier_id);      
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
                $query = "SELECT * FROM shipping_service WHERE carrier_id= ?";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                {

                    $stmt->bind_param('i', $carrier_id); 
                    $stmt->execute();
                    $stmt->bind_result($id, $weight_max, $carrier_id, $service_id, $service);   

                    while ($stmt->fetch()) 
                    {     
                        $xml_string .= "<Item>"; 
                        $xml_string .= "<id>" . $id . "</id>";
                        $xml_string .= "<weight_max>" . $weight_max . "</weight_max>";
                        $xml_string .= "<carrier_id>" . $carrier_id . "</carrier_id>"; 
                        $xml_string .= "<service_id>" . $service_id . "</service_id>";  
                        $xml_string .= "<service>" . $service . "</service>";   
                        $xml_string .= "</Item>";            
                    }
                    $stmt->close();
                    $mysqli->close(); 
                }
            }
            $xml_string .= '</xml>';
        }
        else
        {
            $xml_string .= '<xml><Item_Count>0</Item_Count></xml>';
        }
        return $xml_string;
    } 
    public function getshippingservicebyserviceid()
    {
        $xml_string = "";
        $service_id = (int)$this->service_id;
        //make sure that the payment with that particular order_id is there
        $query = "SELECT count(*) AS item_count FROM shipping_service WHERE id=?";
        $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
        // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
        $stmt = $mysqli->prepare($query);
        // Prepare statement, bind result variables, execute and place results into bound result variables
        $stmt->bind_param('i', $service_id);
        $stmt->execute();
        $stmt->bind_result($Item_Count);
        $stmt->fetch();  
        $stmt->close();
        $mysqli->close();           
        $xml_string .= "<xml>";
        $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";      
        if($Item_Count != 0)
        {
            $query = "SELECT * FROM shipping_service WHERE id=?";                 
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName) or die("Problem connecting: ".mysqli_error());
            // Allocates and initializes a statement object suitable for mysqli_stmt_prepare().
            $stmt = $mysqli->prepare($query);
            // Prepare statement, bind result variables, execute and place results into bound result variables
            $stmt->bind_param('s', $service_id);
            $stmt->execute();
            $stmt->bind_result($id, $weight_max, $carrier_id, $service_id, $service); 
            $stmt->fetch();  
            $stmt->close();
            $mysqli->close();                                      
            $xml_string .= "<Item>"; 
            $xml_string .= "<id>" . $id . "</id>";
            $xml_string .= "<weight_max>" . $weight_max . "</weight_max>"; 
            $xml_string .= "<carrier_id>" . $carrier_id . "</carrier_id>";  
            $xml_string .= "<service_id>" . $service_id . "</service_id>"; 
            $xml_string .= "<service>" . $service . "</service>";
            $xml_string .= "</Item>";
                         
        }
        $xml_string .= '</xml>';
        return $xml_string;
    }
    public function getshippingservices()
    {
        $xml_string = "";

           
            //make sure that the payment with that particular order_id is there
            $query = "SELECT count(*) AS item_count FROM shipping_service";
            $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
            $stmt = $mysqli->prepare($query);     
            $stmt->execute();
            $stmt->bind_result($Item_Count);
            $stmt->fetch();          
            $stmt->close();
            $mysqli->close(); 

            $xml_string .= "<xml>";
            $xml_string .= "<Item_Count>" . $Item_Count . "</Item_Count>";    

            if($Item_Count != 0)
            { 
                $query = "SELECT * FROM shipping_service";  
                $mysqli = new mysqli($this->site_dbServer, $this->site_dbUser, $this->site_dbPassword, $this->site_dbName);                  
                $stmt = $mysqli->prepare($query);
                if($stmt)
                { 
                    $stmt->execute();
                    $stmt->bind_result($id, $weight_max, $carrier_id, $service_id, $service);   

                    while ($stmt->fetch()) 
                    {                      
                        $xml_string .= "<Item>"; 
                        $xml_string .= "<id>" . $id . "</id>";
                        $xml_string .= "<weight_max>" . $weight_max . "</weight_max>";       
                        $xml_string .= "<carrier_id>" . $carrier_id . "</carrier_id>";  
                        $xml_string .= "<service_id>" . $service_id . "</service_id>"; 
                        $xml_string .= "<service>" . $service . "</service>";
                        $xml_string .= "</Item>";
                    } 
                    $stmt->close();
                    $mysqli->close();                    
                }
            }
            $xml_string .= '</xml>';
            return $xml_string;
        
    }
   
   
}

 
?>
